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About this Guide 
About Qualys 


About this Guide 


This user guide is intended for application developers who will use the Qualys Container 
Security API. 


About Qualys 


Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and 
compliance solutions. The Qualys Cloud Platform and its integrated apps help businesses 
simplify security operations and lower the cost of compliance by delivering critical 
security intelligence on demand and automating the full spectrum of auditing, 
compliance and protection for IT systems and web applications. 


Founded in 1999, Qualys has established strategic partnerships with leading managed 
service providers and consulting organizations including Accenture, BT, Cognizant 
Technology Solutions, Deutsche Telekom, Fujitsu, HCL, HP Enterprise, IBM, Infosys, NTT, 
Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also 
founding member of the Cloud Security Alliance (CSA). For more information, please visit 
www.qualys.com 


Qualys Support 


Qualys is committed to providing you with the most thorough support. Through online 
documentation, telephone help, and direct email support, Qualys ensures that your 
questions will be answered in the fastest time possible. We support you 7 days a week, 
24 hours a day. Access online support information at www.qualys.com/support/. 


About Container Security Documentation 
This document provides information about using the Qualys Container Security API. 


For information on using the Container Security Ul to monitor vulnerabilities in Images, 
Containers, and Registries, refer to the Qualys Container Security User Guide. 


For information on deploying the sensor on MAC, CoreOS, and various orchestrators and 
cloud environments, refer to the Qualys Container Sensor Deployment Guide. 


For information on deploying the sensor in CI/CD environments refer to: 
Qualys Container Scanning Connector for Jenkins 


Qualys Container Scanning Connector for Bamboo 
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Get Started 


Accessing the APIs 
All features of Container Security are available through REST APIs. 
Equivalent Rest API request for each tab is provided on the Ul. 


ASSETS REPORTS CONFIGURATIONS 2. e "m 
— 


Click here for = 
REST API ^x. 


0-0of 0 ©) 


š D 
Equivalent REST request d 
This is the REST request for this list. 


curl -X GET -u <username>:<password> 'http:// 
api/v1.1/images? pageNumber=1&pageSize-50&sort=created%3Adesc* 


In the API response, 
associatedContainersCount shows count of containers in RUNNING or STOPPED state. 


associatedHostsCount shows count of hosts where Qualys sensor AND the image is 
installed. 


Permissions required to use APIs 
- User must have the Container module enabled 


- User must have API ACCESS permission 


Qualys API URLs 


Container Security supports both API server URLs and API gateway URLs for API requests. 


The Qualys API server or gateway URL you should use for API requests depends on the 
Qualys platform where your account is located. 


Click here to identify your Qualys platform and get the API URL 
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Authentication for gateway URLs 


You must authenticate to the Qualys Cloud Platform using Qualys account credentials 
(user name and password) and get the JSON Web Token (JWT) before you can start using 
the Gateway URLs. Use the Qualys Authentication API to get the JWT. 


For example, 


curl -X POST https://gateway.qgl.apps.qualys.com/auth -d 
"username-valuel&password-passwordValue&token-true" -H "Content-Type: 
application/x-www-form-urlencoded" 


where gateway.qg1.apps.qualys.com is the base URL to the Qualys API server where your 
account is located. 


- username and password are the credentials of the user account for Container Security 
- token should be true 
- Content-Type should be "application/x-www-form-urlencoded" 


The Authentication API returns a JSON Web Token (JWT) which you can use for 
authentication during Container Security API calls. The token expires in 4 hours. You must 
regenerate the token to continue using the Container Security API. 


Container Security API documentation for Gateway URLs is available at: 


https://«Qualys Gateway URL>/apidocs/csapi/vl.2 


For example, if your account is on US Platform 1 


https://gateway.qgl.apps.qualys.com/apidocs/csapi/v1.2 


Where's the Swagger UI? 


Click Rest Reference in the "Equivalent REST request” dialog to launch the Swagger UI, 
where you can try out the Rest APIs. 


{t} swagger Container Security APIs V1.1 (/v2/api-docs?group-Container Security APIs V1.1) v Authorize Explore 


Container Security APIs 


All features of the Container Security are available through REST APIs. 
Access support information at www.qualys.com/support/ 


Permissions: 
User must have the Container module enabled 


User must have API ACCESS permission 


Created by info@qualys.com 


Container : APIs to perform tasks on containers present on docker hosts 


Image : APIs to perform tasks on images present on docker hosts 


Registry : APIs to perform tasks on registries 


Get Started 
Do I need to Authenticate to use Swagger? 


You can directly access the Swagger UI from the following URL 


https://«QualysURL»/csapi/swagger-ui.html 


For example, if your account is on US Platform 2 


https://qualysapi.qg2.apps.qualys.com/csapi/swagger-ui.html 


Do | need to Authenticate to use Swagger? 


Authentication to the Qualys Cloud Platform is necessary before you try out the APIs. To 
get started, click Authorize and provide your user name and password. 


API Rate Limiting 


The Qualys Container Security API is enforcing limits on the number of API calls a 
customer can make based on the API endpoint being called and the customer's Qualys 
platform. API rate limits are currently enforced for Gateway API calls made by customers 
on US Cloud Platform 2 (https://gateway.qg2.apps.qualys.com) and will be enforced on 
other Qualys platforms soon. The API rate limits are enforced uniformly across all 
subscriptions on a particular platform. There currently is no ability to enforce custom rate 
limits for a given subscription. 


How it works 


When an API call is received, Qualys checks the rate limit defined for the API endpoint. If 
the rate limit has been exceeded the API call is blocked and an error is returned. 


For each API we've defined the following settings: 


Rate Limit Size (per API): The maximum number of API calls allowed within the 
subscription during the rate limit period. Provided in the response header 'X-RateLimit- 
Limit”. 

Rate Limit Period (in seconds, per API): The period of time that defines a window when 
API calls are counted within the subscription for each API. The window starts from the 
moment each API call is received by the service. Provided in the response header 'X- 
RateLimit-Window-Sec’. 


Rate Limit Remaining (per API): The remaining number of calls within the rate limit time 
period. Provided in the response header ‘X-RateLimit-Remaining’. 


Get Started 
API Rate Limiting 


Rate limits defined per API endpoint 


See the table below to understand the rate limits defined for Container Security API 
endpoints. Rate limits do not currently apply to the Container Runtime Security API. 


API Endpoint Path (currently Rate Limit Size Rate Limit Period Description 


vxx = v1.2 or v1.3) (max number (in seconds) 
of API calls) 

/csapi/vxx/containers/list 120 60 Every 60 seconds, you can 
make 120 calls to the API 

/csapi/vxx/containers/* 5000 60 Every 60 seconds, you can 
make 5000 calls to the API 

/csapi/vxx/images/list 120 60 Every 60 seconds, you can 
make 120 calls to the API 

/csapi/vxx/images/*™* 5000 60 Every 60 seconds, you can 
make 5000 calls to the API 

/csapi/vxx/registry/™ 1000 60 Every 60 seconds, you can 
make 1000 calls to the API 

/csapi/vxx/sensors/** 1000 60 Every 60 seconds, you can 
make 1000 calls to the API 


"represents any API endpoint that matches this path unless otherwise noted 


When the rate limit is reached 


The API response "429 Too Many Requests" is returned anytime a user makes an API call 
and the rate limit for the API endpoint has already been reached. In other words, the rate 
limit size has already been reached for the rate limit period. Here's an example: 


API request: 


curl -X GET 
"https://gateway.qg2.apps.qualys.com/csapi/vl.3/images/list?limit=1' -- 
header 'Authorization: Bearer <token>' 


Response: 


Response header 


HTTP/1.1 429 Too Many Requests 
Server: nginx/1.19.1 

Date: Thu, 17 Dec 2020 17:51:57 GMT 
Content-Length: 0 

Connection: keep-alive 
Cache-Control: no-cache, no-store, max-age-0, must-revalidate 
Pragma: no-cache 

Expires: 0 

X-Content-Type-Options: nosniff 
X-Frame-Options: DENY 
X-XSS-Protection: 1 ; mode-block 
Referrer-Policy: no-referrer 


Get Started 
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API output shows dates in Unix time (Epoch time) 


You'll notice dates/times that appear in several API responses appear in Unix time, also 
known as Epoch time, in milliseconds. You can use an online tool to convert the Unix 
timestamp into a human-readable date/time. 


For example, 1536134457859 converts to September 5, 2018 8:00:57.859 AM GMT. 


Kubernetes cluster attributes in API output 


We added the collection of Kubernetes cluster attributes starting in Container Security 
version 1.10, and made this information searchable in the UI. Kubernetes cluster 

attributes include node details, pod details, controller details and more. Use Container 
Security APIs to see Kubernetes cluster attributes collected for containers and sensors. 


Important - Kubernetes attributes will only be processed for containers discovered after 
the version 1.10 release. Kubernetes attributes are collected as part of container inspect 
processing when containers are discovered for the first time. To fetch Kubernetes cluster 
attributes for an existing deployment in Kubernetes, you will have to "rollout restart" the 
existing deployment, which will create new containers and this will start the container 
inspect processing. Kubernetes attributes will get collected for the newly created 
containers on Kubernetes clusters. 


Use the following command for the "rollout restart": 


kubectl rollout restart deployment «deployment-name» -n «namespace» 


API output 
Kubernetes cluster attributes appear in the API output for these Container Security APIs 


Fetch container details | Fetch a detailed containers list | Fetch sensor details 
You'll see these attributes in the API output, when available: 

- Cluster type (Kubernetes) 

- Cluster version 

- Project name (collected for projects in Google Cloud Platform) 

- Node name and flag indicating whether the node is the master node 
- Pod name 

- Pod UUID 

- Pod namespace 

- Pod labels (key and value pairs) 

- Controller name 

- Controller UUID 

- Controller type (e.g. DaemonSet, Deployment, ReplicaSet, etc) 
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Containers 


Here is the list of the APIs we currently support for containers: 


Containers 


API Objective Operator API Path 

Show a list of containers in your GET /csapi/v1.3/containers 

account 

Show details of a container GET /csapi/v1.3/containers/[containerSha] 

Show a list of containers in your GET /csapi/v1.3/containers/list 

account with container details 

Show software installed on a GET /csapi/v1.3/containers/{containerld}/software 
container 

Show vulnerability details for a GET /csapi/v1.3/containers/[containerId]/vuln 
container 

Show vulnerability count for a GET /csapi/v1.3/containers/[containerId)/vuln/count 
container 

Delete containers in your account DELETE /csapi/v1.3/containers 


Samples for various operations on containers: 


Fetch a list of containers in your account 
Fetch container details 


Fetch a detailed containers list 
Fetch a list of software installed on a container 
Fetch vulnerability details for a container 
Fetch vulnerability count for a container 


Delete containers in your account 


11. 


Containers 
Fetch a list of containers in your account 


Fetch a list of containers in your account 


/v1.3/containers 


[GET] 

Input Parameters: 

Parameter Description 

filter Filter the containers list by providing a query using 


Qualys syntax. Refer to the “How to Search” topic in the 
online help for assistance with creating your query. 


pageNumber or pageNo 


(Optional) The page to be returned. Page numbers start 
with 1. 


For API v1.1 and v1.2, pageNumber and pageNo are both 
supported. If both are specified in the same request, 
then pageNumber takes precedence. 


For API v1.3, only pageNumber is supported. 


pageSize (Required) The number of records per page to be 
included in the response. 
sort Sort the results using a Qualys token. For example 


created: desc. Refer to the "Sortable tokens” topic in 
the online help for more information. 


API request: 


curl -X GET 
'https://gateway.qg2 


.apps.qualys.com/csapi/v1.3/containers?pageNumber-1&p 


ageSize-50&sort-created$3Adesc' --header 'Authorization: Bearer <token>' 
Response: 
( 
"data": [ 
( 
"uuid": "2c8d6485-0c6d-3d7b-a2bd-86616f£78205", 
"sha": 
"27723ada671ea9£25624a9ff£dadde273038e4a48373bada6133371cb3bd7a9d3", 
"imageId": "27723ada671e", 
"repo" : [ 
( 
"registry": "docker.io", 
"repository": "qualysdemo/checkoutapp", 
"tag" H "demo" 
} 
l; 
"repoDigests": [ 
( 
"registry": "docker.io", 
"repository": "qualysdemo/checkoutapp", 
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Containers 
Fetch a list of containers in your account 


"digest": 
"6300£0a22bal1768ebed30dabba5d856f£c5536609ec12£c2b23e7bec7aa79ccd9b" 
} 
l; 
"created": 1507592726000, 
"updated": 1603767703217, 
"associatedContainersCount": 0, 
"associatedHostsCount": 1, 
"lastScanned": null, 
"size": 718071042, 
"vulnerabilities": ( 
"severity5Count": 
"severity4Count": 
"severity3Count": 
"severity2Count": 
"severitylCount": 


` 


E 


~ 


Oo: EECH EH © 
` 


hy 


"registryUuid": null, 
"source": [ 

"GENERAL" 
l; 
"isDockerHubOfficial": false, 
"isInstrumented": false, 


"instrumentedFrom": null, 
"instrumentationState": null, 
"instrumentationErrors": null, 
"scanType": null, 
"scanErrorCode": null, 
"scanStatus": null, 
"lastFoundOnHost": { 
"sensorUuid": "cb9fa762-b161-43bb-9268-ebaeb5fc606af", 
"uuid": null, 
"hostname": "Test HostName", 
"ipAddress": "254.254.254.254", 
"lastUpdated": "2020-03-19T11:01:08.9072" 
Pe 


"compliance": { 
"passCount": 3, 
"failCount": 1, 
"errorCount": 1 


}, 
"lastComplianceScanned": 1507592707000 
} 
l, 
"groups": {} 
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Fetch container details 


Fetch container details 


/v1.3/containers/{containerSha} 


[GET] 

Input Parameters: 

Parameter Description 

containerSha Specify the SHA value of a specific container in the 


user's scope. 


API request: 


curl -X GET 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/containers/fe23f264e3dd2b 
5ebcab5ba5a9accdf5e4ac0d3ba3144bf097f£6c5ba69e00d5fed' --header 
"Authorization: Bearer <token>' 


Response: 


{ 
"portMapping": [ 
( 
"probtocol'.-"tep'", 
"port": 5000, 
"hostrp'*i-350.0:0.0', 
"hostPort": 5000 
} 
ly 
"imageId": "5c4008a25e05", 
"created": "1615380901000", 
"updated": "1615440716646", 
"label": null, 
"uuid": "2866748c-acf2-3d09-8384-8ab0ed522048", 
"sha": 
"fe23f264e3dd2b5ebca5a5a9accdf5e4ac0d3ba3144b£097£6c5ba69e00d5fed", 
"privileged": false, 


"path": "/entrypoint.sh", 
"imageSha": 
"56438a25e0565faf88dd3f£060a847688£8c41c539a3ee9c693p05£08a12ebf9", 
"macAddress": "02:42:ac:11:00:02", 
"customerUuid": "74d66479-27e6-73b£-8033-34037£109fc9", 
"ipv4": "10.10.10.10", 
"ipv6": null, 
"name": "registry", 
"hosts 4 
"sensorUuid": "07ef65f6-472e-4d4c-9383-591b551f87ab", 
"hostname": "cloudagent", 
"ipAddress": "10.11.11.11", 


"uuid": "1fcg95c1-f881-4574-a452-febc3f55809a", 
"lastUpdated": "2021-03-10T12:56:01.2132Z" 


hy 
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Fetch container details 


"state": "STOPPED", 
"imageUuid": "bfbd86f3-e99a-32da-b73d-5d1c0cb77eaa", 
"containerld": "fel4f222e3dd", 
"stateChanged": "1615440815994", 
"services": null, 
"users": null, 
"operatingSystem": null, 
"lastScanned": null, 
"source": "GENERAL", 
"isInstrumented": null, 
"environment": [ 
"PATH-/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" 
l, 
"arguments": [ 
"/etc/docker/registry/config.yml" 
l, 
"command": "/etc/docker/registry/config.yml", 
“drituts null, 
"vulnerabilities": null, 
"softwares": null, 
"isDrift": false, 
"isRoot": true, 
"lastComplianceScanned": null, 
"cluster": { 
"type": "kubernetes", 
"versions “yl. 1; 
"project": "k8s-project", 
"node": { 
"name": "k8s-node", 
"isMaster": true 
hy 
"pod" t 
"name": "pod-name", 
"uuid": "63225d4f-bf0c-3488-8144-89c7d03dfacf", 
"namespace": "cs", 
"label": [ 
( 
"key": "com.docker.compose.container-number", 
"value": "1" 
Fiy 
{ 
"key": "com.docker.compose.service", 
"value": "lb" 
} 
] 
"controllers": [ 
( 
"uuid": "a3145d4f-bf0c-3488-8144-89%c7d03dfacf", 
"name": "deployment-name", 
"type": "DEPLOYMENT" 
hy 
{ 
"uuid": "b3145d4f-bf0c-3488-8144-89c7d03dfacf", 
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"name": "replicaset-name", 
"type": "REPLICASET" 


Fetch a detailed containers list 


/v1.3/containers/list 
[GET] 


When you make your API request, you'll use the “limit” input parameter to specify the 
number of records to return. For example, you can choose to return details for 10 
containers at a time by specifying limit=10. The Response Header will include a unique 
link that you can specify in the next API request to get the next set of results. i.e. the next 
10 containers. Simply take the link as is for the new request, no additional parameters are 
needed. When there are no more records to return, the Response Header will show a value 
of “null” for the link. 


The details shown for each container in the list response will be the same as if you were 
fetching a single container, except that the "vulnerabilities" section of the response will 
only show qid, result and software. 


nput Parameters: 


Parameter Description 


limit Specify the number of records to include in the 
response. Enter a value from 1 to 250. 


filter Filter the containers list by providing a query using 
Qualys syntax. Refer to "How to Search" topic in the 
online help for assistance with creating your query. 


Example: List containers with limit of 2 records 
API request: 


curl -X GET 
'https://gateway.qg2.apps.qualys.com/csapi/vl.3/containers/list?limit-2' 
--header 'Authorization: Bearer <token>' 


Response: 


Response Headers: 


{ 


"content-type": "application/json;charset-UTF-8", 
"date": "Wed, 26 Aug 2020 07:56:59 GMT", 
Hinks 


"<http://qualysapi.qualys.com/csapi/v1.3/containers/list?limit=2&paginati 
onQuer y=updated%3E%3D1594876830694+AND+not tuuid%s3At+%5B65eff01b-7775-3a0a- 
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bd68-e6dale7a39f5$5D»;rel-next", 
"referrer-policy": "same-origin", 
"server": "Qualys", 
"transfer-encoding": 
"x-content-type-options": 
"x-frame-options": "sameorigin", 
"x-permitted-cross-domain-policies": 


"chunked", 
"nosniff", 


Containers 
Fetch a detailed containers list 


"none", 


"a249%ee950e639492563f2dd7caa23ladc5fc3fe5714f1d82a23cc2f8bbcda22f", 


"3abcd9%e6d6670283b5e2df06bb77354b379%b17ac7b940e8ea9edb202d423af13", 


"ald17d52-03fb-c803-83a6-1048acccaca9", 


"213d6f22-f8cc-42ad-814a-49b4b5c38d64", 


"52d08bfe-2799-4f5c-81fb-8c0950d80f5e", 


"e2c22565-d1d9-3f9c-ac83-ad9b09f110ef", 


"x-powered-by": "Qualys", 
"x-xss-protection": "1; mode=block" 
} 
Response JSON: 
{ 
"data": [ 
{ 
"portMapping": null, 
"imageId": "3aabd9e6d667", 
"Created": "1593759719000", 
"updated": "1594876830316", 
"label": null, 
"uuid": "cdb22685-9fbb-3971-90aa-706086a64079", 
"sha": 
"privileged": false, 
"path": "/bin/sh", 
"imageSha": 
"macAddress": "", 
"customerUuid": 
"ipv4": null, 
"ipv6": null, 
"name": "container-1", 
"hosts 4 
"sensorUuid": 
"hostname": "cloudagent", 
"ipAddress": "10.11.12.13", 
"uuid": 
"lastUpdated": null 
}, 
"state": "DELETED", 
"imageUuid": 
"containerId": "a978ee930e63", 
"stateChanged": "1593759720784", 
"services": null, 
"users": null, 
"operatingSystem": null, 
"lastScanned": null, 
"source": "GENERAL", 
"isInstrumented": null, 
"environment": [ 


"VAULT VERSION-0.9.3", 


"PATH-/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" 
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l; 
"arguments": [ 

"e", 

"sed -i 's/\\r//g' /usr/local/bin/init.sh" 
l, 


"command": "/bin/sh -c sed -i 's/NNr//g' /usr/local/bin/init.sh", 
Morte: nul, 

"vulnerabilities": null, 

"softwares": null, 


"isDrift": null, 
"isRoot": true 


"portMapping": null, 

"imageId": "dd2f1712bc5a", 

"created": "1593759720000", 

"updated": "1594876830694", 

"label": null, 

"uuid": "62eff01b-7775-4a0a-bd68-e6dble7a39f5", 

"sha": 
"c0db6c214c3ec6cd6620ad07e4e06da540c50c3c0c1372£84116dbe8aa03dd8d", 

"privileged": false, 

"path": "/bin/sh", 

"imageSha": 
"dd6d1713ac6a55dffe5faff50e7408f£51£8£11081£7c4c43e8e84697becfa38b", 

"macAddress": "", 

"customerUuid": "ald17f51-05fb-c803-84a6-1048acccaca9", 

"ipv4": null, 

"ipv6": null, 


"name": "container-2", 

"hosts -f 
"sensorUuid": "213d6f22-f8cc-43bd-814a-49b4d5c38e64", 
"hostname": "cloudagent", 
"ipAddress": "10.11.12.13", 


"uuid": "53d08bfe-2899-4f5c-81fa-8c0950d80£f5e", 
"lastUpdated": null 


state": "DELETED", 

'imageUuid": "ca5f92da-7785-344b-8681-8c64f30a043b", 
"containerId": "cOda6c314c2e", 
S 
S 
u 


tateChanged": "1593759721924", 
ervices": null, 

sers": null, 
"operatingSystem": null, 
"lastScanned": null, 


"source": "GENERAL", 
"isInstrumented": null, 
"environment": [ 


"VAULT VERSION-0.9.3", 


"PATH-/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" 
l; 
"arguments": [ 


" " 
-c", 
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"sed -i 's/NNr//g' /usr/local/bin/docker-entrypoint.sh" 

l; 

"command": "/bin/sh -c sed -i 's/\\r//g' /usr/local/bin/docker- 
entrypoint.sh", 

Nora Pes nul, 

"vulnerabilities": null, 

"softwares": null, 

"XsDrrft'": nüll, 

"isRoot": true, 


"cluster": { 
"type": "kubernetes", 
versions "yl, al, 
"project": "k8s-project", 
"node": { 
"name": "k8s-node", 
"isMaster": true 
), 
"pod". 
"name": "pod-name", 
"uuid": "6325d4f-bf0c-3488-8144-89c7d03dfacf", 
"namespace": "cs", 
"label": [ 
( 
"key": "com.docker.compose.container-number", 
"value": "1" 
hy 
{ 
"key": "com.docker.compose.service", 
"value": "lb" 
} 
] 
"controllers": [ 
( 
"uuid": "a3145d4f-bf0c-3488-8144-89c7d03dfacf", 
"name": "deployment-name", 
"type": "DEPLOYMENT" 
), 
( 
"uuid": "b3145d4f-bf0c-3488-8144-89c7d03dfacf", 
"name": "replicaset-name", 
"type": "REPLICASET" 
} 
] 
} 
} 
} 
l, 
"limit": 2 
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Example 2: Get the next set of results for containers list 


In this example, the link from the Response Header from the previous API request is 
Specified as part of the new request in order to get the next set of results. The response 
will be similar to the previous example. 


API request: 


curl -X GET 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/containers/list?limit-2&p 
aginationQuery=updated%3E%3D1594876830694+AND+not+uuid% 3A+%5B65eff0lb- 
7'1715-3a0a-bd68-e6dale7a39f5$5D' --header ‘Authorization: Bearer <token>' 


Example 3: Response with no link 


Here’s a sample response where there are no more records to return after this, so there is 
no link provided in the Response Header section. You’ll see a value of “null” for the link. 


Response: 

Response Headers: 

{ 
"content-type": "application/json;charset-UTF-8", 
"date": "Wed, 26 Aug 2020 07:56:59 GMT", 
"link": "null", 
"referrer-policy": "same-origin", 
"server": "Qualys", 
"transfer-encoding": "chunked", 
"x-content-type-options": "nosniff", 
"x-frame-options": "sameorigin", 
"x-permitted-cross-domain-policies": "none", 
"x-powered-by": "Qualys", 
"x-xss-protection": "1; mode=block" 
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Fetch a list of software installed on a container 


/v1.3/containers/[containerId]|/software 


[GET] 


Input Parameters: 


Parameter Description 

containerld Specify the ID or SHA value of a specific container in the 
user's scope. 

filter Filter the containers list by providing a query using 
Qualys syntax. Refer to the “How to Search” topic in the 
online help for assistance with creating your query. 

sort Sort the results using a Qualys token. The default value 
is name: asc. Refer to the "Sortable tokens" topic in the 
online help for more information. 

isDrift Specify true is you are looking for drift containers. 


Defaultis false. 


API request: 


curl -X GET 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/containers/cfe5171a754d3/s 
oftware?isDrift-false' --header 'Authorization: Bearer <token>' 


Response: 


( 
"data": 


{ 


[ 


"name": "file", 

"version": "1:5.25-2ubuntul.1", 
"fixVersion": "1:5.25-2ubuntul.2", 
"Vulnerabilities": { 


"severity5Count": 
"severity4Count": 
"severity3Count": 
"severity2Count": 
"severitylCount": 


~ 


~ 


~ 


CO Ota CO CH 
~ 


"name": "libgpg-error0:amd64", 
"version": "1.21-2ubuntul", 
"fixVersion": null, 
"vulnerabilities": { 
"severity5Count": null, 
"severity4Count": null, 
"severity3Count": null, 
"severity2Count": null, 
"severitylCount": null 
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"name": "libncursesw5:amd64", 
"version": "6.0+20160213-lubuntul", 
"fixVersion": null, 
"vulnerabilities": { 
"severity5Count": null, 
"severity4Count": null, 
"severity3Count": null, 
"severity2Count": null, 
"severitylCount": null 


hy 
l; 


"Count": 134, 


"SoftwareCountBySeverity": 


"severity5Count": 0, 
"severity3Count": F 
"severity4Count": 0, 
"severitylCount": 0, 
"severity2Count": 0 


{ 


Fetch vulnerability details for a container 


/v1.3/containers/[containerId]/vuln 


[GET] 

Input Parameters: 

Parameter Description 

containerld Specify the ID or SHA value of a specific container in the 
user's scope. 

filter Filter the containers list by providing a query using 
Qualys syntax. Refer to the “How to Search” topic in the 
online help for assistance with creating your query. 

type Specify the type of information to be fetched: Summary, 
Details, All. 

isDrift Specify true is you are looking for drift containers. 


Defaultis false. 
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'https://gateway.qg2.apps.qualys.com/csapi/v1.3/containers/cfe5171a75d3/v 


Response: 


uln?type-ALL&isDrift-false' --header 'Author 
( 
"details": ( 
"urns z f 
"vulnerability": null, 
"result": "libudev1 229-4ubuntu21.16 


ization: Bearer <token>' 


229-4ubuntu21.21 


\nlibsystemd0 229-4ubuntu21.16 229-4ubuntu21.21 \nsystemd 229- 
4ubuntu21.16 229-4ubuntu21.21 \nsystemd-sysv 
4ubuntu21.21", 


"lastFound": "1557343689800", 
"firstFound": "1557318183463", 
"fixed": null, 

"severity": 3, 
"customerSeverity": 3, 
"port": null, 

"typeDetected": "CONFIRMED", 
"status"s null, 
"nonRunningKernel": null, 
"nonExploitableConfig": null, 
"runningService": null, 
"risk" 30, 

"Category": "Ubuntu", 

"os": null, 


"discoveryType": [ 
"AUTHENTICATED" 


l; 
"authType": [ 
"UNIX AUTH" 


l, 
"supportedBy": [ 
"VM" j 
"CA-Linux Agent" 


, 


"product": [ 


"None" 
, 
"vendor": [ 
"ubuntu" 
, 
"cveids": [ 


"CVE-2019-3842" 


, 


"threatIntel": { 
"activeAttacks": null, 
"zeroDay": null, 
"publicExploit": true, 
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229-4ubuntu21.16 229- 


DÉI 


"highLa 
"easyEx 
"high 
"noPa 
"denialOfService": 
"malware": 
"exploi 
"publicExploitNames": 
"malwareNames": 
"exploi 


DÉI 


"gid" : 
"title": 
vulnerability 


teralMovement": 
ploit": null, 
raLoss"- null, 
null, 


null, 


Da 
tc 


bit: 
null, 
null, 

CRE nals, 

null, 
null, 


null 


tKitNames": 


197424, 
"Ubuntu Security Notificati 
(USN-3938-1)", 


"CvssInfo": { 


"baseScore": 
"temporalScore": 
"accessVector": 


hy 


"2,4", 
"gv. 


"Local" 


"cvss3Info": { 


"baseScore": 
"temporalScore": 


hy 


"patchAvailable": 
"published": 
"ageInDays": 


"yp. 


"6.3" 


true, 
1554890302000, 
41, 


"software": [ 


{ 


"libudevl:amd64", 
"229-4ubuntu21.16", 
"229-4ubuntu21.21" 
null 


"name": 
"version": 
"fixVersion": 
"vulnerabilities": 


"name": 
"version": 
"fixVersion": 
"vulnerabilities": 


"systemd-sysv", 
"229-4ubuntu21.16", 
"229-4ubuntu21.21" 
null 


"name": "libsystemd0:amd64", 
"version": "229-4ubuntu21.16", 
"fixVersion": "229-4ubuntu21.21" 
"vulnerabilities": null 


"name": 
"version": 
"fixVersion": 
"vulnerabilities": 


"systemd", 
"229-4ubuntu21.16", 
"229-4ubuntu21.21" 
null 
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on for systemd 


, 


, 


, 


, 


hy 


l; 


"driftVulns": 


"vulnSummary": { 
"confirmed": ( 


hy 


"sevlCount": 
"sev5Count": 
"sev2Count": 
"sev4Count": 
"sev3Count": 


"potential": { 


hy 


"sevlCount": 
"sev5Count": 
"sev2Count": 
"sev4Count": 
"sev3Count": 


null 


~ 


~ ~ 


LA Ota o CH 
~ 


~ 


~ 


~ 


OO POS 
~ 


"patchAvailability": { 


"confirmed": 


hy 


"sevlCount": 
"sev5Count": 
"sev2Count": 
"sev4Count": 
"sev3Count": 


"potential": { 


"sevlCount": 
"sev5Count": 
"sev2Count": 
"sev4Count": 
"sev3Count": 


{ 


~ 


~ ~ 


LA OO OO CH 
~ 


~ 


~ 


~ 


CO OO OC CH 
~ 


Containers 
Fetch vulnerability count for a container 


Fetch vulnerability count for a container 


/v1.3/containers/{containerId}/vuln/count 


[GET] 


Input Parameters: 


Parameter 


Description 


containerld 


Specify the II 
user's scope. 


D or SHA value of a specific container in the 
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API request: 


curl -X GET 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/containers/cfe5171a75d3/v 
uln/count' --header 'Authorization: Bearer «token»' 


Response: 
{ 


"severity5Count": 
"severity3Count": 
"severity4Count": 
"severitylCount": 
"severity2Count": 


~ 


~ 


~ 


NO OO Lä CH 
~ 


Delete containers in your account 
/v1.3/containers 
[DELETE] 


You can choose to provide a request body without parameters or you can specify UUIDs or 
filter as input parameters in the API request. See samples. 


When specifying request body: 
Request Body: 


Parameter Description 


containerDeleteRequest (Required) user filters to query containers or provide one 
or more container UUIDs to delete. 
Filter can be applied by providing a query using Qualys 
syntax. Refer to the “How to Search” topic in the online 
help for assistance with creating your query. 


When specifying input parameters as part of path: 


Input Parameters: 


Parameter Description 


containerlds One or more container UUIDs for the containers you 
want to delete. When specifying multiple containers in 
the same request, enter them in this way: 
containerlds=value1&containerlds=value2&containerld 
s=value3, and so on. 


filter Filter the containers list by providing a query using 
Qualys syntax. Refer to the “How to Search” topic in the 
online help for assistance with creating your query. 
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Sample 1 - Use request body to specify containers to delete 
In this sample, a request body is used as part of the API request. 


API request: 


curl -X DELETE 
'https://gateway.qg2.apps.qualys.com/csapi/vi.3/containers' -d 
'("containerIds":["a6025a31-bd86-37e6-9de7-5722af586b66", "c4032e71-5969- 
34a9-a8a9-ba25069729673"])' --header 'Authorization: Bearer <token>' 


Response: 
Returns ("deletionJobld":"413b076e-01a8-4780-8e62-875b615a9a1f") 


response code 200 


Sample 2 - Delete single container using container UUID 
In this sample, we'll delete a single container by specifying the container UUID. 


API request: 


curl -X DELETE 
'https://gateway.qg2.apps.qualys.com/csapi/vl.3/containers?containerIds-7 
7161d39-386c-35dd-85b2-a80bd86111b6' --header 'Authorization: Bearer 
«token»' 


Response: 


{ 
"deletionJobId": "951dca63-254b-4f5c-ab76-7671dd8£1528" 


Sample 3 - Delete multiple containers using container UUIDs 


In this sample, we'll delete 2 containers in the same request. Specify multiple containers 
by entering containerlds-value1&containerlds-value2, and so on. 


API request: 


curl -X DELETE 
"https://gateway.qg2.apps.qualys.com/csapi/vl.3/containers?containerlIds=6 
8cc933e-4994-3d9b-8232-blc78b3b3c9décontainerlds=4e7d40ce-6ddc-3fb7-ab55- 
e0b48a60208a' --header 'Authorization: Bearer <token>' 


Response: 


{ 
"deletionJobId": "2b38a127-b413-4aa7-8421-61760487722c" 
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Sample 4 - Delete containers using a filter 
In this sample, we'll delete containers based on the filter parameter. 


API request: 


curl -X DELETE 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/containers?filter-contain 
erId$3A194c52ca4d31' --header 'Authorization: Bearer <token>' 


Response: 


{ 
"deletionJobId": "8a475932f-4f22-46e5-b772-58f9664173fe" 
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Images 

Here is the list of the APIs we currently support for images: 

API Objective Operator API Path 

Show a list of images in your GET /csapi/v1.3/images 

account 

Show details of a single image GE /csapi/v1.3/images/{imageSha} 

Show a list of images in your GET /csapi/v1.3/images/list 

account with image details 

Show associations for an image GE /csapi/v1.3/images/{imageld}/association 
Show repositories that contain GET /csapi/v1.3/images/{imageld}/repos 

this image 

Show software installed on an GET /csapi/v1.3/images/{imageld}/software 
image 

Show vulnerability details foran GET /csapi/v1.3/images/{imageld}/vuln 

image 

Show vulnerability count for an GET /csapi/v1.3/images/{imageld}/vuln/count 
image 

Delete images in your account DELETE  /csapi/v1.3/images 


Samples for various operations on images: 


Fetch a list of images in your account 

Fetch image details 

Fetch a detailed images list 

Fetch associations for an image 

Fetch a list of repositories that contain this image 
Fetch a list of software installed on an image 
Fetch vulnerability details for an image 

Fetch vulnerability count for an image 

Delete images in your account 
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Fetch a list of images in your account 


/v1.3/images 


[GET] 

Input Parameters: 

Parameter Description 

filter Filter the containers list by providing a query using 


Qualys syntax. Refer to the "How to Search” topic in the 
online help for assistance with creating your query. 


pageNumber or pageNo (Optional) The page to be returned. Page numbers start 
with 1. 


For API v1.1 and v1.2, pageNumber and pageNo are both 
supported. If both are specified in the same request, 
then pageNumber takes precedence. 


For API v1.3, only pageNumber is supported. 


pageSize (Required) The number of records per page to be 
included in the response. 


sort Sort the results using a Qualys token. For example 
eventOccurred:desc. Refer to the "Sortable tokens" 
topic in the online help for more information. 


API request: 


curl -X GET 
"https://gateway.qg2.apps.qualys.com/csapi/vl.3/images?pageNumber=1 é&pageS 


ize=50ésort=created%3Adesc' --header ‘Authorization: Bearer <token>' 
Response: 
{ 
"data": [ 


{ 
"uuid": "2c8d6485-0c6d-3d7b-a2bd-86616ff£78205", 


"sha": 
"27723ada671ea9£25624a9££dadde273038e4a48373bada6133371cb3bd7a9d3", 
"imageId": "27723ada671e", 
"repo": [ 
( 
"registry": "docker.io", 
"repository": "qualysdemo/checkoutapp", 
"Lag": "demo" 
} 
Ty 
"repoDigests": [ 
{ 
"registry": "docker.io", 
"repository": "qualysdemo/checkoutapp", 
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"6300£0a22bal1768ebed30dabba5d856f£c5536609ec12£c2b23e7bec7aa79ccd9b" 


} 
l; 


Images 


Fetch a list of images in your account 


"digest": 


} 
l; 
"created": 1507592726000, 
"updated": 1603767703217, 
"associatedContainersCount": 0, 
"associatedHostsCount": 1, 
"lastScanned": null, 
"size": 718071042, 
"vulnerabilities": ( 

"severity5Count": 

"severity4Count": 

"severity3Count": 

"severity2Count": 

"severitylCount": 


` 


E 


~ 


Oo: EECH EH © 
` 


hy 


"registryUuid": null, 
"source": [ 

"GENERAL" 
l; 
"isDockerHubOfficial": false, 
"isInstrumented": false, 


"instrumentedFrom": null, 
"instrumentationState": null, 
"instrumentationErrors": null, 
"scanType": null, 
"scanErrorCode": null, 
"scanStatus": null, 
"lastFoundOnHost": { 
"sensorUuid": "cb9fa762-b161-43bb-9268-ebaeb5fc606af", 
"uuid": null, 
"hostname": "Test HostName", 
"ipAddress": "254.254.254.254", 
"lastUpdated": "2020-03-19T11:01:08.9072" 
Pe 


"compliance": { 
"passCount": 3, 
"failCount": 1, 
"errorCount": 1 


}, 
"lastComplianceScanned": 1507592707000 


"groups": {} 
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Fetch image details 
/v1.3/images/{imageSha} 
[GET] 


Input Parameters: 


Parameter Description 
imageSha Specify the SHA value of a specific image in the user's 
scope. 


API request: 


curl -X GET 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/images/c64844065dcbc3d0a9 
0c365c1f£56421766a5cebf05f7ecbd3377af410fff09fd' --header 'Authorization: 


Bearer <token>' 


Response: 


{ 
"created": "1603477517000", 


"updated": "1605017537578", 


"author": "Couchbase Docker Team <docker@couchbase.com>", 
"repo": [ 
( 
"registry": "docker.io", 
"Lag": "latest", 
"repository": "couchbase" 
} 
Tz 
"repoDigests": [ 
{ 
"registry": "docker.io", 
"digest": 
"1d81103c382893£70£0cc0£2371a1243671c1d5175bcc67e8c2a5c0bf4c8£976", 
"repository": "couchbase" 


} 

ls 

"label": null, 

"uuid": "5d48f83b-cddb-33ac-8fad-e8452dd116b1", 

"sha": 
"c64844065dcbc3d0a90c365c1£56421766a5cebf05£7ecbd3377a£410f£ff09fd", 

"OperatingSystem": "Ubuntu Linux 16.04.7", 

"customerVuid": "192cc974-1e44-cb6c-806e-f78f£6441cb0d", 


"dockerVersion": "18.09.7", 
"size": 1183790011, 
"layers": [ 


{ 
"size": "130553983", 
"createdBy": "ADD 
file:c1f3147c7b6710af5affd417ff822ee28df872d716003858d43d2e23d2277c981 in 


fn, 
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"Created": "1603474388000", 
"comment": "", 

"ig" : 
"sha": 
"tags": 


"size": 
"createdBy": "rm -rf /var/lib/apt/lists/*", 
"created": "1603474389000", 

"comment": "", 

Figs : 
"sha": 
"tags": 


"size": 
"createdBy": "COPY 
file:d816a67f62bfba76d2812cefbe92252a£a13£3852775c3e68599df£7741e90cb7 in 


" 
, 


null, 
null, 


null 


OLLA 


null, 
null, 


null 


"1930", 


"created": "1603477517000", 
"comment": "", 

to LU : 
"sha": 
"tags": 


} 
l, 
"host" 
( 


i 


null, 
null, 


null 


"sensorUuid": "fed79006-2fa9-4b67-8f5a-272b4e02f084", 


"hostname": "host.qualys.com", 
"ipAddress": "10.44.29.40", 
"uuid": "6ba5be85-2758-4f44-814a-b690c%ed23ee", 


"lastUpdated": "2020-11-10T14:10:29.2182" 


} 
l; 


"archi 


tec 


ture": "amd64", 
"imageld": 


"c64844065dcb", 


"lastScanned": "1605017537578", 


"regis 


"source": 


"GEN 


ERA 


l, 


[ 


" 
1 


tryUuid": null, 


"totalVulCount": "0", 


"users 


"n. 


"root" 


l; 


"isDockerHubOfficial": null, 
"isInstrumented": null, 
"instrumentedFrom": null, 
"instrumentationState": null, 
"scanType": 
"scanErrorCode": null, 
"scanStatus": "SUCCESS", 


"DYNAMIC", 
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"lastFoundOnHost": { 
"sensorUuid": "fed79006-2fa9-4b67-8f5a-272b4e02f084", 
"hostname": "host.qualys.com", 
"ipAddress": "10.44.29.40", 


"uuid": "6ba5be85-2758-4£44-814a-b690c9ed23ee", 
"lastUpdated": "2020-11-10T14:10:29.218Z" 


hy 


"softwares": [ 
{ 
"name": "libncursesw5:amd64", 
"version": "6.0+20160213-lubuntul", 
"fixVersion": null, 
"vulnerabilities": null 
), 
( 
"name": "libgpg-error0:amd64", 
"version": "1.21-2ubuntul", 
"fixVersion": null, 
"vulnerabilities": null 
} 
l; 
"vulnerabilities": [], 
"lastComplianceScanned": "1603477517000" 


Fetch a detailed images list 
/v1.3/images/list 
[GET] 


When you make your API request, you'll use the "limit" input parameter to specify the 
number of records to return. For example, you can choose to return details for 10 images 
at a time by specifying limit=10. The Response Header will include a unique link that you 
can specify in the next API request to get the next set of results. i.e. the next 10 images. 
Simply take the link as is for the new request, no additional parameters are needed. When 
there are no more records to return, the Response Header will show a value of "null" for 
the link. 


The details shown for each image in the list response will be the same as if you were 
fetching a single image, with a few exceptions. The "vulnerabilities" section of the 
response will only show qid, result and software. Instead of listing all hosts where an 
image was found, we'll show details for the most recent host where the image was found. 
This appears in the response under “lastFoundOnHost”. 


Input Parameters: 


Parameter Description 
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limit Specify the number of records to include in the 
response. Enter a value from 1 to 250. 
filter Filter the images list by providing a query using Qualys 


syntax. Refer to "How to Search" topic in the online help 
for assistance with creating your query. 


Example: List images with limit of 2 records 


API request: 


curl -X GET 


"https://gateway.qg2.apps.qualys.com/csapi/vl.3/images/list?limit=2' -- 
header 'Authorization: Bearer <token>' 


Response: 
Response Headers: 
( 
"content-type": "application/json;charset-UTF-8", 
"date": "Wed, 26 Aug 2020 07:41:21 GMT", 


"link": 


"chttp://qualysapi.qualys.com/csapi/vi.3/images/list?limit-2&paginationQu 
ery=updated$3E%3D1593731505425+AND+not+uuids3A+%5Bbc092a61-caee-3ff1- 
a693-d9062361ad3c$5D»;rel-next", 


"referrer-policy": "same-origin", 

"server": "Qualys", 

"transfer-encoding": "chunked", 
"x-content-type-options": "nosniff", 
"x-frame-options": "sameorigin", 
"x-permitted-cross-domain-policies": "none", 
"x-powered-by": "Qualys", 
"x-xss-protection": "1; mode=block" 


Response JSON: 
{ 


"data": [ 
{ 
"Created": "1557533223000", 
"updated": "1593731440059", 
"author"z WW, 
"repo": [ 
( 
"registry": "docker.io", 
MEAG a 329m 
"repository": "alpine" 
} 
hy 
"repoDigests": [ 
{ 
"registry": "docker.io", 
"digest": 
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"774 6d£395af22£04212cd25a92cld6dbc5a06a0ca9579a229eFf43008d4d1302a", 


"repository": "alpine" 
} 
ds 
"label": null, 
"layersCount": null, 


"uuid": "cfd55a5d-28fd-39c3-9572-50b05b8 9bd1la", 


"sha": 


"05593683920576da37aa9bc460d70c5£212028bda1c08c0879aedf£03d7a66ea1", 


"OperatingSystem": "Alpine Linux 3.9.4", 


"sensorUuid": null, 


"customerUuid": "ald17d51-03fb-c803-81a6-1048acccaca?9", 


"dockerVersion": "18.06.1-ce", 
"size": 5533135, 
"layers": null, 
"architecture": "amd64", 
"imageId": "055936d39205", 
"lastScanned": "1593731440058", 
"registryUuid": null, 
"source": [ 

"GENERAL" 


l; 

"users": 
"root", 
"Operator", 
"postgres" 


l; 
"lastFoundOnHost": null, 
"isDockerHubOfficial": null, 
"isInstrumented": null, 
"instrumentedFrom": null, 
"instrumentationState": null, 
"scanType": "DYNAMIC", 
"softwares": [ 


{ 


"name": "musl", 
"version": "1.1.20-r4", 
"fixVersion": null 

}, 

{ 
"name": "libtls-standalone", 
"version": "2.7.4-r6", 
"fixVersion": null 
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"name": "alpine-keys", 
"version": "2.1-11", 
"fixVersion": null 

}, 

{ 


l; 


"vulnerabilities": [ 


{ 
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"gid" . 
"result": 


shadow 


"software": 


"created": 
"updated": 


"author": 
"repo": [ 
( 


"regi 


"tag": 


"repo 
} 
l; 
"repoDige 
"label": 
{ 


"W key" . 
"value": 


DÉI 
{ 


"W key" . 
"value": 


hy 


l; 


"layersCount": 
"bc092a61-caee-3ffl-a693-d9062361ad3c", 


"uud"; 
"sha": 
"016ad20049fb86 


"operatingSystem": 


"sensorUu 
"cus 
"doc 
"size": 4 
"layers": 


"architec 


"imageld": 
tScanned": 


Tras 
"registry 
"source": 

"GENERA 


tomerUuid": 
kerVersion": 


Images 
Fetch a detailed images list 


105144, 
"shadow:x:42:\n\n/etc/shadow\n\n-rw-r----- 
9 2019 /etc/shadow", 

null 


1 root 
441 May 


"1591815652000", 
"1593731505425", 


"wn 
, 


stry": "docker.io", 
"pw 
,r 


sitory": 


"hello world ps" 


sts": 


[ 


null, 


"org.label-schema.name", 
"CentOS Base Image" 


"org.label-schema.license", 
"GPLv2" 


null, 


£4f£027cc93efecce7a9c546ee5a30139»D1d62c225161954581", 
"CentOS Linux 7.7.1908", 
Lats nnb 
"aldi7d51-03fb-c803-81a6-1048acccaca9", 
"119703275"; 
57819642, 

null, 
ture": "amd64", 
"016ad20049fb", 
"1593731505424", 
Vuid": null, 
[ 


" 
1 


l; 
"users": 


Gm 


"root 


l; 


"lastFoundOnHost": 
kerHubOfficial": 
trumented": 
"instrumentedFrom": 


"isDoc 
"isIns 


null, 
null, 
null, 
null, 
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"instrumentationState": 
"DYNAMIC", 


"scanType": 
"softwares": [ 
( 
"name": 
"version": "2. 
"fixVersion": 


"name": "tar", 
"version": "1. 
"fixVersion": 


hy 


l, 
"vulnerabilities": 
( 
"qid": 256906, 
"result": 


"util- 


"table cols=\"3\"\nPackage 
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null, 


linux" 
23.2-261.e17", 
null 


26-35.e17", 
null 


[ 


Installed Version 


Required Versioninbind-license 9.11.4-16.P2.e17.noarch 9.11.4- 


16.P2.e17 8.6", 


"software": [ 
( 
"name": "bind-license", 
"version": "9.11.4-16.P2.e17", 
"fixVersion": "9.11.4-16.P2.e17 8.6" 


"limit"; 2 


Example 2: Get the next set of results for images list 


In this example, the link from the 


Response Header from the previous API request is 


Specified as part of the new request in order to get the next set of results. The response 
will be similar to the previous example. 


API request: 


curl -X GET 


"https://gateway.qg2.apps.qualys.com/csapi/vl.3/images/list?limit=2épagin 
ationQuery=updated% 3E%3D1593731505425+AND+not+uuids 3A+%5Bbc092a61-caee- 


3f££1-a693-d9062361lad3c%5D' 


--header ‘Authorization: Bearer <token>' 


Example 3: Response with no link 


Here’s a sample response where there are no more records to return after this, so there is 
no link provided in the Response Header section. You’ll see a value of “null” for the link. 
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Response: 


Response Headers: 


{ 
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"content-type": "application/json;charset-UTF-8", 
"date": "Wed, 26 Aug 2020 07:41:21 GMT", 


"Link": "null", 
"referrer-policy": 
"server": "Qualys" 


"same-origin", 


, 


"transfer-encoding": "chunked", 
"x-content-type-options": "nosniff", 


"x-frame-options": 
"x-permitted-cross 


"sameorigin", 
-domain-policies": "none", 


"x-powered-by": "Qualys", 


"x-xss-protection" 


: "1; mode=block" 


Fetch associations for an image 


/v1.3/images/(imageld]/association 


GET] 


nput Parameters: 


Parameter Description 

imageld Specify the ID or SHA value of a specific image in the 
user's scope. 

filter Filter the images list by providing a query using Qualys 
syntax. Refer to the “How to Search” topic in the online 
help for assistance with creating your query. 

type Specify the type of information to be fetched: Container, 


Host, Drift, All. 


API request: 


curl -X GET 


'https://gateway.qg2.apps.qualys.com/csapi/v1.3/images/(imageld)/associat 


ion?imageId-5d556c82899c&type-ALL' --header 'Authorization: Bearer 
<token>' 
Response: 
{ 
"containers": [], 
"driftContainers": [], 
"hosts": [ 
( 
"sensorUuid": "2a9726£2-69d1-4255-b6ba-2f4d0c7bb596", 
"hostname": "qualys-virtual-machine", 
"ipAddress": "10.115.67.98", 
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"uuid": null, 

"runningContainerCount": null, 
"stoppedContainerCount": null, 
"createdContainerCount": null, 
"pausedContainerCount": null, 
"runningContainerCountForAssociatedImage": null, 
"stoppedContainerCountForAssociatedImage": null, 
"createdContainerCountForAssociatedImage": null, 
"pausedContainerCountForAssociatedImage": null 


Fetch a list of repositories that contain this image 


/v1.3/images/(imageld]/repos 


[GET] 

Input Parameters: 

Parameter Description 

imageld Specify the ID or SHA value of a specific image in the 


user's scope. 


API request: 


curl -X GET 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/images/30def87e0731/repos 
' --header 'Authorization: Bearer <token>' 


Response: 
( 
"registryUuid": "f3927b96-dbb4-473b-bf10-18460c97736c", 
"registry": "registrytest2.azurecr.io", 
"repo": "couchbase", 
"Lag": "latest" 


) 
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Fetch a list of software installed on an image 


/v1.3/images/(imageld]/software 


GET] 


nput Parameters: 


Parameter Description 

imageld Specify the ID or SHA value of a specific image in the 
user's scope. 

filter Filter the images list by providing a query using Qualys 
syntax. Refer to the “How to Search” topic in the online 
help for assistance with creating your query. 

sort Sort the results using a Qualys token. For example 


qid:asc. Refer to the “Sortable tokens” topic in the 
online help for more information. 


API request: 


curl -X GET 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/images/5d556c82899c/softw 


are' --header 'Authorization: Bearer <token>' 
Response: 
( 
"data": [ 
( 

"name": "perl-base", 
"version": "5.26.1-6ubuntu0.3", 
"fixVersion": null, 
"vulnerabilities": { 


hy 


"severity5Count": null, 
"severity4Count": null, 
"severity3Count": null, 
"severity2Count": null, 
"severitylCount": null 


"name": "hostname", 
"version": "3.20", 
"fixVersion": null, 
"vulnerabilities": { 
"severity5Count": null, 
"severity4Count": null, 
"severity3Count": null, 
"severity2Count": null, 
"severitylCount": null 


41 


l, 


Images 
Fetch vulnerability details for an image 


"Count": 89, 

"softwareCountBySeverity": { 
"severity5Count": 0, 
"severity3Count": » 
"severity4Count": 0, 
"severitylCount": 0, 
"severity2Count": 0 


hy 


"driftSoftwareCountBySeverity": 
"driftSoftwareCountByDriftReason": 


null, 
null 


Fetch vulnerability details for an image 


/v1.3/images/(imageld]/vuln 


GET] 


nput Parameters: 


Parameter Description 

imageld Specify the ID or SHA value of a specific image in the user's scope. 

filter Filter the images list by providing a query using Qualys syntax. Refer to 
the "How to Search” topic in the online help for assistance with creating 
your query. 

type Specify the type of information to be fetched: Summary, Details, All. 

sort Sort the results using a Qualys token. For example qid: asc. Refer to the 


"Sortable tokens" topic in the online help for more information. 


API request: 


curl -X GET 


'https://gateway.qg2.apps.qualys.com/csapi/v1.3/images/5d556c82899c/vuln? 


type=ALLésort=qid%3Aasc' 


Response: 
{ 


"details": 


{ 


"vulnerability": 


--header ‘Authorization: Bearer <token>' 


[ 


null, 


"result": "sysctl net.ipv4.ip forward\nnet.ipv4.ip forward = 1", 


"lastFound": 
"firstFound": 
"fixed": 


"1557406965964", 
"1557406965964", 
null, 


"severity": 2, 
"customerSeverity": 2, 


"ports 
"typeDetected": 
"status": 


null, 
"POTENTIAL", 


null, 


42 


DÉI 


"nonRunningKernel": null, 
"nonExploitableConfig": null, 
"runningService": null, 
"risk"; 20, 

"Category": "Local", 

tos NULL; 


"discoveryType": [ 
"AUTHENTICATED" 


l; 
"authType": [ 
"UNIX AUTH" 
l, 
"supportedBy": [ 
"VM", 
"CA-Linux Agent", 
"CA-Mac Agent" 
l; 
"product": [], 
"vendor": [], 
"cveids": [ 
"CVE-I999-0511" 


l, 

"threatIntel": { 
"activeAttacks": null, 
"zeroDay": null, 
"publicExploit": null, 
"highLateralMovement": null, 
"easyExploit": true, 
"highDataLoss": null, 
"noPatch": true, 
"denialOfService": null, 
"malware": null, 
"exploitKit": null, 
"publicExploitNames": null, 
"malwareNames": null, 
"exploitKitNames": null 


}, 
"qid": 115284, 


"title": "IP Forwarding Enabled", 

"CvssInfo": { 
"baseScore": "7.5", 
"temporalScore": "6.8", 
"accessVector": "Network" 

), 

"cvss3Info": { 
"baseScore": "3.7", 
"LtemporalScore": "3.6" 


}, 

"patchAvailable": false, 
"published": 1127977200000, 
"ageInDays": 4983, 
"software": null 
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l, 
"vulnSummary": { 
"confirmed": ( 
"sevlCount": 
"sev5Count": 
"sev2Count": 
"sev4Count": 
"sev3Count": 


~ 


~ 


~ 


CO Ota CO CH 
` 
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"potential": { 
"sevlCount": 
"sev5Count": 
"sev2Count": 
"sev4Count": 
"sev3Count": 


~ 


~ 


~ 


CO Ota CO CH 
` 


ys 
"patchAvailability": { 
"confirmed": { 
"sevlCount": 
"sev5Count": 
"sev2Count": 
"sev4Count": 
"sev3Count": 

ke 
"potential": { 
"sevlCount": 
"sev5Count": 
"sev2Count": 
"sev4Count": 
"sev3Count": 


~ 


~ ~ 


O oO CH CH EH 
~ 


~ 


~ 


~ 


CO OO OO OO CH 
~ 


Fetch vulnerability count for an image 


/v1.3/images/{imageld}/vuln/count 


[GET] 

Input Parameters: 

Parameter Description 

imageld Specify the ID or SHA value of a specific image in the 


user’s scope. 
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API request: 


curl -X GET 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/images/5d556c82899c/vuln/ 


count' --header 'Authorization: Bearer «token»' 
Response: 
( 
"severity5Count": 0, 
"severity3Count": 0, 
"severity4Count": 0, 
"severitylCount": 0, 
"severity2Count": 2 


Delete images in your account 
/v1.3/images 
[DELETE] 


Images with active containers (CREATED, RUNNING, STOPPED, PAUSED) associated with 
them, cannot be deleted. 


You can choose to provide a request body without parameters or you can specify UUIDs or 
filter as input parameters in the API request. See samples. 


When specifying request body: 
Request Body: 


Parameter Description 


imageDeleteRequest (Required) user filters to query images or provide one or 
more image UUIDs to delete. 
Filter can be applied by providing a query using Qualys 
syntax. Refer to the “How to Search” topic in the online 
help for assistance with creating your query. 


When specifying input parameters as part of path: 


Input Parameters: 


Parameter Description 


imagelds One or more image UUIDs for the images you want to 
delete. When specifying multiple images in the same 
request, enter them in this way: 
imagelds=value1&imagelds=value2&imagelds=value3, 
and so on. 


filter Filter the images list by providing a query using Qualys 
syntax. Refer to the “How to Search” topic in the online 
help for assistance with creating your query. 
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Sample 1 - Use request body to specify images to delete 
In this sample, a request body is used as part of the API request. 


API request: 


curl -X DELETE 'https://gateway.qg2.apps.qualys.com/csapi/vi1.3/images' -d 
'("imageIds":["e3e4cca0-8305-3835-810a-5b334dcb65a33"])' --header 
"Authorization: Bearer <token>' 


Response: 
Returns ("deletionJobld":"980ce235-5677-4997-81ca-3905e63471bb") 


response code 200 


Sample 2 - Delete single image using image UUID 
In this sample, we'll delete a single image by specifying the image UUID. 


API request: 


curl -X DELETE 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/images?imagelds-8b261e4e- 
47f3-3b6a-a5a7-668ff0d6e3eb' --header 'Authorization: Bearer <token>' 


Response: 


( 
"deletionJobId": "ee295423-af59-4f5c-a4al-7cb035dae61p" 


Sample 3 - Delete multiple images using image UUIDs 


In this sample, we'll delete 2 images in the same request. Specify multiple images by 
entering imagelds-value1&imagelds-value2, and so on. 


API request: 


curl -X DELETE 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/images?imagelds-8b261e4e- 
47£3-3b6a-a5a7-668ff0d6e3eb&imageIds-9b251e3e-52f3-2b6a-a6a7- 
678ff0d5e2eb' --header 'Authorization: Bearer <token>' 


Response: 


{ 
"deletionJobId": "1b54a117-b413-4aa8-8511-61860487619c" 
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Sample 4 - Delete images using a filter 
In this sample, we'll delete images based on the filter parameter. 


API request: 


curl -X DELETE 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/images?filter-imageId$3A 
c3b4a64d481' --header 'Authorization: Bearer <token>' 


Response: 


( 
"deletionJobId": "ee295423-af59-4f5c-a4al-7cb035dae61p" 
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Registries 

Here is the list of the APIs we currently support for registries: 

API Objective Operator API Path 

Show a list of registries in your GET /csapi/v1.3/registry 

account 

Show details of a registry GE /csapi/v1.3/registry/{registryld} 
Show a list of ACR connectors in GE /v1.3/registry/acr/connectors 
your account 

Show ACR connector details GET /v1.3/registry/acr/connector/{connectorld} 
Create new ACR connector POST /v1.3/registry/acr/connector 
Fetch AWS account ID and GET /csapi/v1.3/registry/aws-base 


External ID for your account 


Fetch AWS US GovCloud account GET /csapi/v1.3/registry/aws-gov-base 
ID and External ID for your US 
GovCloud account 


Show a list of AWS connectorsin GET /csapi/v1.3/registry/aws/connectors 

your account 

Show a list of AWS connectors for GET /csapi/v1.3/registry/aws/connectors/{accountld} 
an AWS account ID 

Create new AWS connector POST /csapi/v1.3/registry/aws/connector 

Show a list of GCR connectorsin ` GET /v1.3/registry/gcr/connectors 

your account 

Show GCR connector details GE /v1.3/registry/gcr/connector/{connectorld} 
Create new GCR connector POST /v1.3/registry/gcr/connector 

Validate information for new POST /csapi/v1.3/registry/validate 

registry 

Create a new registry POST /csapi/v1.3/registry 

Update existing registry in your PUT /csapi/v1.3/registry/(registryld 

account 

Show a list of repositories in a GET /csapi/v1.3/registry/{registryld}/repository 
registry 

Show a list of schedules created GET /csapi/v1.3/registry/{registryld}/schedule 
for a registry 

Create a new registry scan POST /csapi/v1.3/registry/{registryld}/schedule 
schedule 

Update existing registry schedule PUT /csapi/v1.3/registry/{registryld}/schedule/ 
in your account {scheduleld} 

Cancel a registry schedule in your POST /csapi/v1.3/registry/{registryld}/schedule/ 
account {scheduleld}/cancel 
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Cancel multiple or all registry POST /csapi/v1.3/registry/(registryld)/schedule/cancel 
schedules in bulk 

Delete registry in your account DELETE  /csapi/v1.3/registry/ 

Delete a registry schedule in your DELETE /csapi/v1.3/registry/[registryId]/schedule/ 


account 


{scheduleld} 


Delete multiple registry schedules DELETE /csapi/v1.3/registry/[registryId]/schedule/ 


in your account 


Delete multiple or all registry DELETE  /csapi/v1.3/registry/(registryld//schedule/bulk 
schedules in bulk 


Samples for various operations on registries: 


Fetch a list of registries in your account 

Fetch registry details 

Fetch a list of ACR connectors in your account 
Fetch ACR connector details 

Create a new ACR connector 

Fetch AWS account ID and external ID 

Fetch AWS US GovCloud account ID and external ID 
Fetch a list of AWS connectors in your account 
Fetch a list of AWS connectors for a certain account ID 
Create a new AWS connector 

Fetch a list of GCR connectors in your account 
Fetch GCR connector details 

Create a new GCR connector 

Validate registry parameters 

Create registry 

Update registry 

Fetch a list of repositories in a registry 

Fetch a list of schedules created for a registry 
Create registry schedule 

Update registry schedule 

Cancel a registry schedule 

Cancel multiple or all registry schedules in bulk 
Delete registries in your account 

Delete a registry schedule 

Delete multiple registry schedules 

Delete multiple or all registry schedules in bulk 
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Fetch a list of registries in your account 

/v1.3/registry 

GET] 

Here's sample request and output to fetch a list of registries in your account. 


nput Parameters: 


Parameter Description 


filter Filter the registries list by providing a query using 
Qualys syntax. Refer to the “How to Search” topic in the 
online help for assistance with creating your query. 


pageNumber or pageNo (Required) The page to be returned. Page numbers start 
with 1. 


For API v1.1 and v1.2, only pageNo is supported. 
For API v1.3, only pageNumber is supported. 


pageSize (Required) The number of records per page to be 
included in the response. 


sort Sort the results using a Qualys token. For example 
created: desc. Refer to the “Sortable tokens" topic in 
the online help for more information. 


API request: 


curl -X GET 
"https://gateway.qg2.apps.qualys.com/csapi/vl.3/registry?pageNumber=lépag 
eSize=50' --header ‘Authorization: Bearer <token>' 


Response: 


{ 
"data": [ 
{ 
"registryUuid": "1ec77e75b-2243-49d1-ac5b-06090ff£896e4", 


"registryUri": "http://ec2-13-57-34-145.us-west- 
1.compute.amazonaws.com:8083", 

"registryType": "V2 PRIVATE", 

"repoCount": 2, 

"totallmages": 0, 

"totalScannedImages": 0, 


"totalVulnerableImages": 0, 

"lastScanned": "1536301443647", 

"scheduleStatusList": { 
"Completed": 3 

E 

"Created": "1536237658094", 

"updated": "1536237658094", 

"dockerHubOrg": null, 

"providerType": null, 
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"awsAccountId": null, 
"awsRegion": null 


"registryUuid": "57739abc-ee35-43ab-9f74-2157c15a0ae4", 
"registryUri": "https://registry-1.docker.io", 
"registryType": "DockerHub", 
"repoCount": 0, 
"totallmages": 0, 
"totalScannedImages": 0, 
"totalVulnerableImages": 0, 
"LlastScanned": "1536134457859", 
"scheduleStatusList": ( 
"Completed": 3 
y; 
"Created": "1536081619949", 
"updated": "1536081619949", 
"dockerHubOrg": null, 
"providerType": "DockerHub", 
"awsAccountId": null, 
"awsRegion": null 
Eg aes. n 
l; 


"eount ss 36, 
"groups": {} 


Fetch registry details 

/v1.3/registry 

[GET] 

Here’s sample request and output to fetch details of a registry in your account. 


Input Parameters: 


Parameter Description 


registryld (Required) ID/UUID of the registry you want to fetch the 
details for. 


API request: 


curl -X GET 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/registry/1ad23456-789f- 


0a12-3456-78bd901a2e34' --header 'Authorization: Bearer <token>' 
Response: 
( 
"data": [ 


( 
"registryUuid": "lad23456-789f-0a12-3456-78bd901la2e34", 
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"registryUri": "https://123456789012.dkr.ecr.us-gov-west- 
l.amazonaws.com", 

"registryType": "AWS", 

"repoCount": 1, 

"totallmages": 1, 

"totalScannedImages": 1, 


"totalVulnerableImages": 0, 

"lastScanned": "1642527390097", 

"scheduleStatusList": { 
"Finished": 1 

Jor 

"Created": "1642527260574", 

"updated": "1642527260574", 

"dockerHubOrg": null, 


"providerType": "AWS", 
"awsAccountId": "123456789012", 
"awsRegion": "us-gov-west-1", 


"gcpProjectId": null, 
"acrConnectorId": null 


l; 


"count": 1 


Fetch a list of ACR connectors in your account 
/v1.3/registry/acr/connectors 

[GET] 

You can get a list of ACR connectors to help you create a registry. 


API request: 


curl -X GET 
"https://gateway.qg2.apps.qualys.com/csapi/vl.3/registry/acr/connectors' 
--header ‘Authorization: Bearer <token>' 


Response: 
{ 
"name": "New ACR connector", 
"description": "This is a new connector for ACR", 


"acrConnectorId": "025b5e82-0338-4920-b091-6c028b4b39a4" 


Ju 

( 

"name": "New ACR connector 2", 

"description": "This is a new connector for ACR", 
"acrConnectorId": "0fae7c97-02d0-4a97-9790-672f£3a0e6897" 


hy 
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Fetch ACR connector details 
/v1.3/registry/acr/connector/[connectorld) 
[GET] 

You can get the details for an ACR connector. 


Input Parameters: 


Parameter Description 


connectorld Provide the ACR connector ld to get the details for. 


API request: 


curl -X GET 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/registry/acr/connector/66 


f9c9bf-9b04-4631-bb64-d0abfa44e6f6' --header 'Authorization: Bearer 
«token»' 
Response: 
( 
"name": "New ACR connector 4", 
"description": "This is a new connector for ACR", 


"acrConnectorId": "66f9c9bf-9b04-4631-bb64-d0abfa44e6f6" 
} 


Create a new ACR connector 
/v1.3/registry/acr/connector 

[POST] 

Use this API to create a new ACR connector. 


Input Parameters: 


Parameter Description 

applicationld Provide the Azure application ID. 
clientSecret Provide the Azure client secret. 
name Connector name. 

description (Optional) Connector description. 


API request: 


curl -X POST 
"https://gateway.qg2.apps.qualys.com/csapi/vl.3/registry/acr/connector' - 
d '("applicationId":"66f9c9bf-9b04-4631-bb64-d0abfa44e6f6", 
"clientSecret":"Q] RHUUGbgtCgOd8DWS8U6UJl18sTqK]-", "description":"This is 
a new connector for ACR", "name":"New ACR connector 4"}' --header 
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"Authorization: Bearer <token>' 


Response: 
response code 200 
{ 
"name": "New ACR connector 4", 
"description": "This is a new connector for ACR", 


"acrConnectorId": "66f9c9bf-9b04-4631-bb64-d0abfa44e6f6" 
} 


Fetch AWS account ID and external ID 

/v1.3/registry/aws-base 

[GET] 

Use this API to get your AWS account ID and external ID to help you create an ARN. 


API request: 
curl -X GET 'https://gateway.qg2.apps.qualys.com/csapi/vl.3/registry/aws- 


base' --header ‘Authorization: Bearer <token>' 
Response: 
{ 
"accountId": "20576771xxxx", 


"externalld": 27738xxxx 


Fetch AWS US GovCloud account ID and external ID 
/v1.3/registry/aws-gov-base 

[GET] 

Use this API to get your AWS US GovCloud account ID and external ID. 


API request: 
curl -X GET 'https://gateway.qg2.apps.qualys.com/csapi/vl.3/registry/aws- 


gov-base' --header 'Authorization: Bearer <token>' 
Response: 

( 

"accountId": "12345678xxxx", 


"externalld": 12345xxxx 
} 
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Fetch a list of AWS connectors in your account 
/v1.3/registry/aws/connectors 
[GET] 


You can get a list of AWS connectors to help you create a registry. You'll see accountType 
as Global, US_Gov or null for each connector in the API response. 


API request: 


curl -X GET 
"https://gateway.qg2.apps.qualys.com/csapi/vl.3/registry/aws/connectors' 
--header ‘Authorization: Bearer <token>' 


Response: 
[ 

( 
"name": "AWSC1", 
"arn": "arn:aws:iam::205767712438:role/abcd", 
"description": "AWS connector 1" 
"accountType": "Global" 

) , 

( 
"name": "AWSC2", 
"arn": "arn:aws:iam::383031258652:role/testabcd", 
"description": "AWS connector 2" 
"accountType": "US Gov" 


Fetch a list of AWS connectors for a certain account ID 
/v1.3/registry/aws/connectors/{accountId} 

[GET] 

You can get a list of AWS connectors for an account ID to help you create a registry. 


Input Parameters: 


Parameter Description 
accountld Provide the AWS account Id to get a list of connectors. 


API request: 


curl -X GET 
"https://gateway.qg2.apps.qualys.com/csapi/vl.3/registry/aws/connectors/1 
23456789012' --header ‘Authorization: Bearer <token>' 


Response: 
[ 
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"name": "AWSCI", 
"arn": "arn:aws:iam::123456789012:role/abcd", 
"description": "AWS connector 1" 
"accountType": "Global" 
b 
( 
"name": "AWSC2", 
"arn": "arn:aws:iam::123456789012:role/testabcd", 
"description": "AWS connector 2" 
"accountType": "Global" 


Create a new AWS connector 
/v1.3/registry/aws/connector 

[POST] 

Use this API to create a new AWS connector. 


Input Parameters: 


Parameter Description 

arn ARN number of the account ID. 

externalld The externalld of your organization. 

name Connector name. 

accountType Specify the AWS account type as Global or US_Gov. 
description (Optional) Connector description. 


API request: 


curl -X POST 
"https://gateway.qg2.apps.qualys.com/csapi/vl.3/registry/aws/connector' - 
d '("arn":"arn:aws:iam::205767712438:role/abcd", 
"externalld":"903805594", "name":"TestAWS", "accountType":"US Gov", 
"description":"Testing of AWS account")' --header 'Authorization: Bearer 
<token>' 


Response: 


response code 200 


Fetch a list of GCR connectors in your account 


/v1.3/registry/gcp/connectors 
[GET] 
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You can get a list of GCR connectors to help you create a registry. 


API request: 


curl -X GET 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/registry/gcp/connectors' 
--header 'Authorization: Bearer <token>' 


Response: 
( 
"name": "New GCR connector", 
"description": "This is a new connector for GCR", 


"gcpConnectorId": "104702225660035614490", 
"gcpProjectId": "my-second-project-239110" 


), 

( 

"name": "New GCR connector 2", 

"description": "This is a new connector for GCR", 
"gcpConnectorId": "107686475468845834251", 
"gcpProjectId": "my-second-project-239110" 


) 


Fetch GCR connector details 
/v1.3/registry/gcp/connector/{connectorld} 
[GET] 

You can get the details for a GCR connector. 


Input Parameters: 


Parameter Description 
connectorld Provide the GCR connector Id to get the details for. 


API request: 


curl -X GET 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/registry/gcp/connector/10 


4702225660035614490' --header 'Authorization: Bearer <token>' 
Response: 

( 

"name": "New GCR connector", 

"description": "This is a new connector for GCR", 


"gcpConnectorId": "104702225660035614490", 
"gcpProjectId": "my-second-project-239110" 
} 
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Create a new GCR connector 
/v1.3/registry/gcp/connector 

[POST] 

Use this API to create a new GCR connector. 


Input Parameters: 


Parameter Description 

name Connector name. 

description (Optional) Connector description. 
Service Account JSON Provide the configuration JSON file. 


API request: 


curl -X POST 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/registry/gcp/connector?na 


me=NewS$20GCR%20connector' --header 'Authorization: Bearer <token>' 
Response: 

( 

"name": "New GCR connector", 

"description": "This is a new connector for GCR", 


"gcpConnectorId": "104702225660035614490", 
"gcpProjectId": "my-second-project-239110" ) 


Validate registry parameters 
/v1.3/registry/validate 
[POST] 


Use this API to validate parameters for a registry you intend to create. You can validate if a 
registry already exists, whether AWS/Azure/GCP account ID exists, if the credentials 
provided are correct, and so on. 


Input Parameters: 


Parameter Description 
ACR 
connectorId Provide the ACR connector Id if your registry will be 


hosted on Azure. This parameter is required when the 
registry Type is Azure and you want to create a new ACR 
connector. 


AWS 
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accountld Provide the AWS account Id if your registry will be 
hosted on AWS. Parameters accountld, arn, and region 
are required when the registry Type is AWS ECR and you 
want to create a new AWS connector. 

arn ARN number of the account ID. 
Specify the ARN if you want to use an existing AWS 
connector, or if you want to create a new connector. 

region Region where your AWS account belong to. 

accountType Specify the AWS account type as Global or US_Gov. 

GCP 

connectorld Provide the GCR connector Id if your registry will be 
hosted on GCP. Parameters connectorld, location, and 
projectld are required when the registryType is GCP and 
you want to create a new GCR connector. 

location Location where your GCP account belongs to. 

projectld Your GCP project ID, which is alphanumeric. 

GCAR 

connectorld Provide the GCAR connector Id if your registry will be 
hosted on GCP. Parameters connectorld, projectld, and 
registry are required when the registryType is 
GOOGLE_ARTIFACT_REGISTRY and you want to create a 
new GCAR connector. 

projectld Your GCP project ID, which is alphanumeric (e.g. cs- 
registry). 

registry Name of the Google Artifact Registry repository (e.g. 
docker-v2-repo). 

Others 

username Username to connect to the registry. Should be in 
base64 format. 

password Password to connect to the registry. Should be in base64 
format. 

credentialType None, Token, BasicAuth, DockerHub, AWS, GCP. 
Note: This parameter is not required while creating 
Azure or GCP registries. 

dockerHubOrgName Optional) Organization name if the registryType is 
DockerHub. 

registry Type AWS ECR, Azure, GCP, DockerHub, Docker V2, Docker 
V2-Private, GOOGLE ARTIFACT. REGISTRY. 

registryUri URL of the registry to connect to. 

registryUuid UUID of the registry you are validating. This is a 


man datory parameter. 
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API request: 


curl -X POST 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/registry/validate' -d 
'("aws": ("accountId":"383031258652", 
"arn":"arn:aws:iam::383031258652:role/testabcd", "region":"us-east-2", 
"accountType":"Global"), "credentialType":"AWS", "registryType":"AWS", 
"registryUri":"https://383031258652.dkr.ecr.us-east-2.amazonaws.com")' -- 
header 'Authorization: Bearer <token>' 


Response: 


response code 200 


Create registry 


/v1.3/registry 


[POST] 


Use this API to create a new registry. 


Input Parameters: 


Parameter Description 
ACR 
connectorId Provide the ACR (Azure Container Registry) connector Id 


if your registry will be hosted on Azure. This parameter 
is required when the registry Type is Azure and you want 
to create a new ACR connector. 


AWS 

accountld Provide the AWS account Id if your registry will be 
hosted on AWS. Parameters accountld, arn, and region 
are required when the registryType is AWS ECR and you 
want to create a new AWS connector. 

arn ARN number of the account ID. Specify the ARN if you 
want to use an existing AWS connector, orif you want to 
create a new connector. 

region Region where your AWS account belongs. You must 
specify a US GovCloud region when accountType is 
US Gov. 

accountType Specify the AWS account type as Global or US_Gov. 

GCP 

connectorld Provide the GCR connector Id if you registry will be 
hosted on GCP. Parameters connectorld, location, and 
projectld are required when the registryType is GCP and 
you want to create a new GCR connector. 

location Location where your GCP account belong to. 
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projectld Your GCP project ID, which is alphanumeric. 

GCAR 

connectorld Provide the GCAR connector Id if your registry will be 
hosted on GCP. Parameters connectorld, projectld, and 
registry are required when the registryType is 
GOOGLE_ARTIFACT_REGISTRY and you want to create a 
new GCAR connector. 

projectld Your GCP project ID, which is alphanumeric (e.g. cs- 
registry). 

registry Name of the Google Artifact Registry repository (e.g. 
docker-v2-repo). 

Others 

username Username to connect to the registry. Should be in 
base64 format. 

password Password to connect to the registry. Should be in base64 
format. 

credentialType None, Token, BasicAuth, DockerHub, AWS, GCP. 
Note: This parameter is not required while creating 
Azure or GCP registries. 

dockerHubOrgName Optional) Organization name if the registryType is 
DockerHub. 

registry Type AWS ECR, Azure, GCP, DockerHub, Docker V2, Docker 
V2-Private, GOOGLE_ARTIFACT_REGISTRY. 

registryUrl URL of the registry to connect to. 

registryUuid This parameter should be empty during connector 


creation. 


API request (sample for AWS): 


curl -X POST 'https://gateway.qg2.apps.qualys.com/csapi/vl.3/registry' -d 
'("aws": ("accountId":"383031258652", 
"arn":"arn:aws:iam::383031258652:role/testabcd", "region":"us-east-2", 
"accountType":"Global"), "credentialType":"AWS", "registryType":"AWS", 
"registryUri":"https://383031258652.dkr.ecr.us-east-2.amazonaws.com")' -- 
header 'Authorization: Bearer <token>' 


Response: 


("registryUuid":"955715e0-0fc7-4dac-b4de-2e1092£c527]a"] 


Response Code: 200 
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API request (sample for GCAR): 


curl -X POST 'https://gateway.qg2.apps.qualys.com/csapi/vl.3/registry' -d 
'("gcarRequest":("connectorId":"1131360358474747331","projectId":"qualys- 
cs","registry":"cstest"J,"credentialType":"GCP","registryType":"GOOGLE AR 
TIFACT REGISTRY","registryUri":"https://us-centrall- 
docker.pkg.dev","registryUuid": null)' --header 'Authorization: Bearer 
<token>' 


Response: 
{"registryUuid":"b36965d6-c111-4964-a0ef-6d817454c3c1"} 


Response Code: 200 


Update registry 
/v1.3/registry/{registryld} 

[PUT] 

Use this API to update an existing registry. 


Input Parameters: 


Parameter Description 
ACR 
connectorId Provide the ACR (Azure Container Registry) connector Id 


if your registry is hosted on Azure. This parameter is 
required when the registry Type is Azure and you want to 
update an ACR connector. 


AWS 

accountld Provide the AWS account Id if your registry is hosted on 
AWS. Parameters accountld, arn, and region are 
required when the registryType is AWS ECR and you 
want to update an AWS connector. 

arn ARN number of the account ID. Specify the ARN if you 
want to use an existing AWS connector, or if you want to 
create a new connector. 

region Region where your AWS account belongs. You must 
specify a US GovCloud region when accountType is 
US Gov. 

accountType Specify the AWS account type as Global or US_Gov. 

GCP 

connectorld Provide the GCR connector Id if you registry is hosted on 
GCP. Parameters connectorld, location, and projectld are 
required when the registryType is GCP and you want to 
update a GCR connector. 

location Location where your GCP account belong to. 
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projectld Your GCP project ID, which is alphanumeric. 
GCAR 
connectorld Provide the GCAR connector Id if your registry will be 


hosted on GCP. Parameters connectorld, projectld, and 
registry are required when the registryType is 
GOOGLE_ARTIFACT_REGISTRY and you want to create a 
new GCAR connector. 


projectld Your GCP project ID, which is alphanumeric (e.g. cs- 
registry). 

registry Name of the Google Artifact Registry repository (e.g. 
docker-v2-repo). 

Others 

username Username to connect to the registry. Should be in 
base64 format. 

password Password to connect to the registry. Should be in base64 
format. 

credentialType None, Token, BasicAuth, DockerHub, AWS, GCP. 
Note: This parameter is not required while creating 
Azure or GCP registries. 

dockerHubOrgName Optional) Organization name if the registryType is 
DockerHub. 

registry Type AWS ECR, Azure, GCP, DockerHub, Docker V2, Docker 
V2-Private, GOOGLE_ARTIFACT_REGISTRY. 

registryUri URL of the registry to connect to. 

registryUuid UUID of the registry you are updating. This is a 


man datory parameter. 


API request: 


curl -X PUT 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/registry/Db994c2e6-8961- 
4133-a889-662d8c£52310' -d '("credential": ("username":"dXNlcm5hbWU-", 
"password": "cGFzc3dvecm0="), "credentialType":"BasicAuth", 
"registryType":"V2", "registryUri":"https://383039876789.dkr.ecr.us-east- 
1.amazonaws.com"}' --header 'Authorization: Bearer <token>' 


Response: 


Returns the same registry ID with response code 200. 
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Fetch a list of repositories in a registry 


/v1.3/registry/{registryld}/repository 


[GET] 


Here’s sample request and output to fetch a list of repositories in a registry. 


Input Parameters: 


Parameter Description 

registryld (Required) The ID of the registry for which you want to 
list the repositories. 

filter Filter the registries list by providing a query using 


Qualys syntax. Refer to the “How to Search” topic in the 
online help for assistance with creating your query. 


pageNumber or pageNo 


(Required) The page to be returned. Page numbers start 
with 1. 


For API v1.1 and v1.2, only pageNo is supported. 
For API v1.3, only pageNumber is supported. 


pageSize (Required) The number of records per page to be 
included in the response. 
sort Sort the results using a Qualys token. For example 


repositoryName:asc. Refer to the “Sortable tokens” 
topic in the online help for more information. 


API request: 


curl -X GET 


'https://gateway.qg2.apps.qualys.com/csapi/v1.3/registry/995a2ab4-48dc- 
48ef-905d-9ecf846d63cb/repository?pageNumber-l&pageSize-50' --header 
'Authorization: Bearer <token>' 


Response: 


( 
"data": [ 
( 


"repoName": "qualys/cms/cms-processor-service", 


"totalImages": 


4, 


"totalScannedImages": 4, 
"totalVulnerableImages": 2 


"repoName": "qualys/cms/cms-api-service", 


"totalImages": 


4, 


"totalScannedImages": 4, 
"totalVulnerableImages": 1 


} 
l; 


"count": 25 
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Fetch a list of schedules created for a registry 


/v1.3/registry/[registryId]/schedule 


[GET] 


Here's sample request and output to fetch a list of schedules created for a registry. 


Input Parameters: 


Parameter Description 

registryld (Required) The ID of the registry for which you want to 
list the schedules. 

filter Filter the registries list by providing a query using 


Qualys syntax. Refer to the “How to Search” topic in the 
online help for assistance with creating your query. 


pageNumber or pageNo 


(Required) The page to be returned. Page numbers start 
with 1. 


For API v1.1 and v1.2, only pageNo is supported. 
For API v1.3, only pageNumber is supported. 


pageSize (Required) The number of records per page to be 
included in the response. 
sort Sort the results using a Qualys token. For example 


created:desc. Refer to the “Sortable tokens” topic in 
the online help for more information. 


API request: 


curl -X GET 


'https://gateway.qg2.apps.qualys.com/csapi/v1.3/registry/995a2ab4-48dc- 
48ef-905d-9ecf846d63cb/schedule?pageNumber-1&pageSize-50' --header 
'Authorization: Bearer <token>' 


Response: 


( 
"data": [ 
( 


"scheduleUuid": "f98a64e7-4a62-40ae-b155-4a0cd445b42b", 
"onDemand": true, 

"Created": "1537174851067", 

"updated": "1537174851067", 

"jobStartDate": "1537174851192", 

"jobCompletionDate": null, 


"name": null, 


"errors": null, 
"schedule": "00:00", 
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"filters": [ 
{ 
"repoTags": [ 
{ 
"repo": Be 
"tag": null 
) 
l, 
"days": null 
) 
l, 


"status": "Running" 


"ScheduleUuid": "397b65f8-4b91-4698-8d7b-245b667981c3", 
"onDemand": true, 

"created": "1536745686008", 

"updated": "1536745686008", 


"jobStartDate": "1536745686923", 
"jobCompletionDate": "1536745690933", 
"name": null, 

"errors": null, 


"schedule": "00:00", 
"filters": [ 
( 
"repoTags": [ 
( 
"repo": "qualys/cms/cms-api-service", 
"tags 1:2::0..0" 
} 
l; 


"days" :> 7 
} 
l, 
"status": "Completed" 
), 
l, 
"count "+. 5y 


"groups": {} 


Create registry schedule 
/v1.3/registry/{registryld}/schedule 


Use this API to create a schedule to pull and scan a registry. 
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Parameter Description 

registryld (Required) The ID of the registry you want to scan. 

OnDemand Specify true if you want to enable OnDemand scan. 
Otherwise, Automatic scan will be triggered everyday at 
a set time. 

repo Provide the name of the repository you want to scan. 
You can add one more repositories to a single scan 
schedule. 

tag For OnDemand scan, include image tags you want to 
include in the scan (comma separated values). 

days For OnDemand scan, include images created a certain 


number of days ago. Enter 1-7 days or 14 (for last two 
weeks). 


scheduleScanmtervallInl 


Days 


For Automatic scan, specify how often the scan should 
run in days (1-365). For example, set to 1 to scan daily, 
set to 7 to scan every 7 days, set to 10 to scan every 10 
days, etc. 


schedule (Valid only when scheduleScanIntervallnDays=1) For a 
daily Automatic scan, specify the scan start time in UTC 
(e.g., 19:30). 

forceScan (The Force Registry Image Scan feature must be enabled 


for your subscription. When enabled, this option is valid 
for OnDemand scans and for Automatic scans when 
scheduleScaniIntervalInDays is 7 or greater.) Specify 
true if you want to scan all images each time the 
registry scan is launched. This means each scan job will 
scan new images and re-scan previously found images. 
Default is false. 


API request: 
curl -X POST 


'https://gateway.qg2.apps.qualys.com/csapi/v1.3/registry/123a4ab5-67dc- 
89ef-012d-3ecf456d78cb/schedule' -d '{"name":"scheduleTest", 


"onDemand":false, 


"filters": [{"repoTags": [{"repo":"qualys/cms/cms-api- 


service"}], "days":null}], "scheduleScanIntervalInDays":7, 
"schedule":null, 


«token»' 


Response: 


"registryType":"AWS")' --header 'Authorization: Bearer 


{"scheduleUuid":"123b45£6-7b8 9-0123-4d5b-678b901234c5"} 
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Update registry schedule 
/v1.3/registry/{registryld}/schedule/{scheduleld} 
[PUT] 


Use this API to update an existing registry schedule. Jobs in running state cannot be 
updated. 


Input Parameters: 


Parameter Description 

registryld (Required) ID/UUID of the registry you want to update. 
scheduleld (Required) ID/UUID of the schedule you want to update. 
OnDemand Specify true if you want to enable OnDemand scan. 


Otherwise, Automatic scan will be triggered everyday at 
a set time. (This parameter cannot be updated, as you 
can update only Automatic scan jobs.) 


repo Provide the name of the repository you want to scan. 
You can add one more repositories to a single scan 
schedule. (This parameter cannot be updated.) 


tag For OnDemand scan, include image tags you want to 
include in the scan (comma separated values). 
(This parameter cannot be updated, as you can update 
only Automatic scan jobs.) 


days For OnDemand scan, include images created certain 
days ago. Enter 1-7 days or 14 (for last two weeks). 
(This parameter cannot be updated, as you can update 
only Automatic scan jobs.) 


scheduleScanIntervallnDays For Automatic scan, specify how often the scan should 
run in days (1-365). For example, set to 1 to scan daily, 
set to 7 to scan every 7 days, set to 10 to scan every 10 


days, etc. 

schedule (Valid only when scheduleScanIntervallnDays=1) For a 
daily Automatic scan, specify the scan start time in UTC 
(e.g., 19:30). 

forceScan (The Force Registry Image Scan feature must be enabled 


for your subscription. When enabled, this option is valid 
for OnDemand scans and for Automatic scans when 
scheduleScaniIntervalInDays is 7 or greater.) Specify 
true if you want to scan all images each time the 
registry scan is launched. This means each scan job will 
scan new images and re-scan previously found images. 
Default is false. 
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API request: 


curl -X PUT 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/registry/123a4ab5-67dc- 
89ef-012d-3ecf456d7 8cb/schedule/123b45f6-7b8 9-0123-4d5b-678b901234c5' -d 
'("name":"scheduleTest", "onDemand":false, "filters": [{"repoTags": 
[{"repo":"qualys/cms/cms-api-service"}], "days":null]], 
"ScheduleScanIntervalInDays":1, "schedule":"13:00", 
"registryType":"AWS")' --header 'Authorization: Bearer «token»' 


Response: 


Returns the same schedule ID with response code 200. 


Cancel a registry schedule 
/N1.3/registry/[registryId/schedule/[schedulelId]/cancel 
[POST] 

Use this API to cancel a single registry schedule. 


Input Parameters: 


Parameter Description 


registryld (Required) ID/UUID of the registry you want to cancel 
the schedule for. 


scheduleld (Required) ID/UUID of the schedule you want to cancel. 


API request: 


curl -X POST 
"https://gateway.qg2.apps.qualys.com/csapi/vl.3/registry/4d319710-lelc- 
48c3-a19f-548bb8e438a5/schedule/93efaf06-364d-401f-b4fd- 
e0c9810bd8e6/cancel' --header 'Authorization: Bearer <token>' 


Response: 


response code 200 
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Cancel multiple or all registry schedules in bulk 
/v1.3/registry/{registryld}/schedule/cancel 
[POST] 


Use this API to bulk cancel registry schedules. You can provide a “filter” or a list of 
“schedulelds” as part of the API request to identify the schedules you want to cancel. 
When both are provided in the same request, then only the schedulelds specified will be 
canceled. 


Note that scan jobs with a status of Finished, Unknown and Error cannot be canceled and 
will be ignored automatically. 


With this API, you can: 
- cancel all schedules (pass filter with scheduleUuid with a value of * to match all) 
- cancel all schedules that match a particular filter, such as status Running 


- cancel only certain schedules by passing the schedule IDs. 


Input Parameters: 


Parameter Description 


registryld (Required) ID/UUID of the registry you want to cancel 
the schedule for. 


schedulelds ID/UUID of the schedules you want to cancel. 


When specifying multiple schedulelds in the same 
request, enter them in this way: 
schedulelds-value1&schedulelds-value2&schedulelds- 
value3, and so on. 


Note that scan jobs with a status of Finished, Unknown 
and Error cannot be canceled and will be ignored 
automatically when included in the request. 


filter Filter the schedules list by providing a query using 
Qualys syntax. Refer to the “How to Search” topic in the 
online help for assistance with creating your query. 
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API sample to cancel multiple schedules using schedulelds 
In this sample, we'll cancel 2 schedules by specifying the schedule IDs. 


API request: 


curl -X POST 
"http://gateway.qg2.apps.qualys.com/csapi/v1.3/registry/0ald9b9a-3bab- 
42ec-a894-4485969a47616/schedule/cancel?scheduleIds-0a1d9b9a-3bab-42ec- 
a894-4d5969a47616&scheduleIds-0al1d9b9a-3bab-42ec-a894-4d5969a47616" -- 
header 'Authorization: Bearer <token>' 


Response: 


{ 
"CancelJobId": "1b54a117-b413-4aa8-8511-61860487619c" 


API sample to cancel all schedules matching a filter 
In this sample, we'll use filter to cancel all schedules with a status of Running. 


API request: 


curl -X POST 
"http://gateway.qg2.apps.qualys.com/csapi/v1.3/registry/0ald9b9a-3bab- 
42ec-a894-445969a47616/schedule/cancel?filter-status$3ARunning" --header 
'Authorization: Bearer <token>' 


Response: 


{ 
"CancelJobId": "1b54a117-b413-4aa8-8511-61860487619c" 


API sample to cancel all schedules 


In this sample, we'll cancel all schedules by using filter with scheduleUuid equal to * 
(962A) in order to match all schedule IDs. (Scans with certain status levels will be skipped 
from this action.) 


API request: 


curl -X POST 
"http://gateway.qg2.apps.qualys.com/csapi/v1.3/registry/eale91f1-2686- 
45af-827f-2ec9ee4/schedule/cancel?scheduleIds-&filter-scheduleUuid£23A£2A" 
--header 'Authorization: Bearer <token>' 


Response: 


{ 
"deletionJobId": "1b54a117-b413-4aa8-8511-61860487619c" 
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Delete registries in your account 


/v1.3/registry/ 
[DELETE] 


Use this API to delete one or more registries in your account. Note that you cannot delete 
a registry whose schedules are in “Running” state. 


You can choose to provide a request body without parameters or you can specify UUIDs as 
input parameters in the API request. 


When specifying the request body: 


Request Body: 


Parameter Description 


registryDeleteRequest (Required) Provide one or more registry UUIDs for the 
registries you want to delete. 


When specifying input parameters as part of the path: 


Input Parameters: 


Parameter Description 


registrylds Provide one or more registry UUIDs for the registries you 
want to delete. When specifying multiple registries in 
the same request, enter them in this way: 
registryIds-value1&registryIds-value2&registryIds-val 
ue3, and so on. 


Sample 1 - Use request body to specify registries to delete 
In this sample, a request body is used as part of the API request. 


API request: 


curl -X DELETE 'https://gateway.qg2.apps.qualys.com/csapi/v1.3/registry' 
-d '{"registrylIds": ["95b715e0-0fc7-4dac-b4de-2e1b92fc527d"]}' --header 
"Authorization: Bearer <token>' 


Response: 
Returns {"deletionJobId":"980ce235-5677-4997-81ca-3905e63471bb" } 


response code 200 
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Sample 2 - Delete a single registry using registry UUID 
In this sample, we'll delete a single registry by specifying the UUID as input parameter. 


API request: 


curl -X DELETE 
"https://gateway.qg2.apps.qualys.com/csapi/vl.3/registry?registrylds=8b26 
1e4e-47f3-3b6a-a5a7-668ff0d6e3eb' --header ‘Authorization: Bearer 
<token>' 


Response: 


{ 
"deletionJobId": "8b04c56a-33ad-44ba-a128-fc643b0af3c7" 
} 


Sample 3 - Delete multiple registries using registry UUIDs 


In this sample, we'll delete 2 registries in the same request. Specify multiple registries by 
entering registryIds-value1&registrylds-value2, and so on. 


API request: 


curl -X DELETE 
"https://gateway.qg2.apps.qualys.com/csapi/vl.3/registry?registrylds=8b26 
1e4e-47f3-3b6a-a5a7-668ff0d6e3eb&registryIds-9b251e3e-52f3-25b6a-a6a7- 
678ff0d5e2eb' --header 'Authorization: Bearer <token>' 


Response: 


{ 
"deletionJobId": "1b54a117-b413-4aa8-8511-61860487619c" 


} 


Delete a registry schedule 
/v1.3/registry/{registryld}/schedule/{scheduleld} 
[DELETE] 

Use this API to delete an existing registry schedule. 


Input Parameters: 


Parameter Description 


registryld (Required) ID/UUID of the registry you want to delete 
the schedule for. 


scheduleld (Required) ID/UUID of the schedule you want to delete. 
Note: You cannot delete a schedule which is in 
“Running” state. 
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API request: 


curl -X DELETE 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/registry/8eadf73e-357a- 
4282-9351-1ff453e4131d/schedule/aeablccd-a2ae-4bd9-807d-d387500555fbe' -- 
header 'Authorization: Bearer <token>' 


Response: 


response code 200 


Delete multiple registry schedules 
/v1.3/registry/{registryld}/schedule 
[DELETE] 


Use this API to delete multiple registry schedules by specifying the schedulelds. If you 
have a large number of schedules to delete or want to delete all schedules matching a 
particular filter, see Delete multiple or all registry schedules in bulk. 


Input Parameters: 


Parameter Description 


registryId Required) ID/UUID of the registry you want to delete 
gisuy q gisuyy 
the schedules for. 


schedulelds (Required) ID/UUIDs of the schedules you want to 
delete. Should be in the form of an array. 
Note: You cannot delete schedules that are in "Running" 
state. 


API request: 


curl -X DELETE 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/registry/fc129b85-e23c- 
4236-9fd2-47a257746208/schedule/' -d '["9a9468c9-33d7-49aa-8275- 
ale92b30c916","8843983c-f0c6-441b-b8ed-4d00acf195b3"]' --header 
"Authorization: Bearer <token>' 


Response: 


Returns {"deletedScheduleUuids": ["9a9468c9-33d7-49aa-8275- 
ale92b30c916","8843983c-f0c6-441b-b8ed-4d00acf195b3"]) 


response code 200 
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Delete multiple or all registry schedules in bulk 
/v1.3/registry/{registryld}/schedule/bulk 
[DELETE] 


Use this API to bulk delete registry schedules. You can delete one, multiple or all registry 
scan schedules in bulk. This is especially useful when you have a large number of Finished 
or Canceled scans and want to bulk delete them so they no longer appear in your Scan 
Jobs list. 


Provide a “filter” or a list of “schedulelds” as part of the API request to identify the 
schedules you want to delete. When both are provided in the same request, then only the 
schedulelds specified will be deleted. 


Scan jobs with a status of Queued, Unknown and Running cannot be deleted and will be 
ignored automatically. Cancel scan jobs first and then delete them. 


You can: 
- delete all schedules (pass filter with scheduleUuid with a value of * to match all) 
- delete all schedules that match a particular filter, such as status Finished 


- delete only certain schedules by passing the schedule IDs 


Input Parameters: 


Parameter Description 

registryld (Required) ID/UUID of the registry you want to delete 
the schedules for. 

schedulelds ID/UUIDs of the schedules you want to delete. 


When specifying multiple schedulelds in the same 
request, enter them in this way: 
schedulelds-value1&schedulelds-value2&schedulelds- 
value3, and so on. 


Scan jobs with a status of Queued, Unknown and 
Running cannot be deleted and will be ignored 
automatically when part of the request. Cancel scan 
jobs first and then delete them. 


filter Filter the schedules list by providing a query using 
Qualys syntax. Refer to the "How to Search” topic in the 
online help for assistance with creating your query. 


Z5 


Registries 
Delete multiple or all registry schedules in bulk 


API sample to delete multiple schedules using schedulelds 
In this sample, we'll delete 2 schedules in the same request by specifying the schedule IDs. 


API request: 


curl -X DELETE 
"http://gateway.qg2.apps.qualys.com/csapi/v1.3/registry/0ald9b9a-3bab- 
42ec-a894-445969a47616/schedule/bulk?scheduleIds-f6770189-8554-46ba-9d24- 
624b7e98767d8schedulelds=f677b189-8b54-46ba-9d24-624b7e98767d" --header 
"Authorization: Bearer <token>' 


Response: 


{ 
"deletionJobId": "1b54a117-b413-4aa8-8511-61860487619c" 


API sample to delete all schedules matching a filter 
In this sample, we'll use filter to delete all schedules with a status of Finished. 


API request: 


curl -X DELETE 
"http://gateway.qg2.apps.qualys.com/csapi/v1.3/registry/0ald9b9a-3bab- 
42ec-a894-445969a476/schedule/bulk?scheduleIds-&filter-status$3AFinished" 
--header 'Authorization: Bearer <token>' 


Response: 


{ 
"deletionJobId": "1b54a117-b413-4aa8-8511-61860487619c" 


API sample to delete all schedules 


In this sample, we'll delete all schedules by using filter with scheduleUuid equal to * (%2A) 
in order to match all schedule IDs. (Scans with certain status levels will be skipped from 
this action.) 


API request: 


curl -X DELETE 
"http://gateway.qg2.apps.qualys.com/csapi/v1.3/registry/eale91f1-2686- 
45af-827f-2a2ec9ee4/schedule/bulk?scheduleIds-&filter-scheduleUuid£23A£22A" 
--header 'Authorization: Bearer <token>' 


Response: 


{ 
"deletionJobId": "1b54a117-b413-4aa8-8511-61860487619c" 


76 


Sensors 
Fetch a list of sensors in your account 


Sensors 


Here is the list of the APIs we currently support for sensors: 


API Objective Operator API Path 

Show a list of sensors in your GET /csapi/v1.3/sensors 

account 

Show details of a sensor GET /csapi/v1.3/sensors/(sensorld) 
Delete sensors in your account DELETE  /csapi/v1.3/sensors 


Samples for various operations on sensors: 


Fetch a list of sensors in your account 
Fetch sensor details 
Delete sensors in your account 


Fetch a list of sensors in your account 


/v1.3/sensors 


[GET] 

Input Parameters: 

Parameter Description 

filter Filter the sensors list by providing a query using Qualys 


syntax. Refer to the “How to Search” topic in the online 
help for assistance with creating your query. 


pageNumber or pageNo (Optional) The page to be returned. Page numbers start 
with 1. 


For API v1.1 and v1.2, pageNumber and pageNo are both 
supported. If both are specified in the same request, 
then pageNumber takes precedence. 


For API v1.3, only pageNumber is supported. 


pageSize (Required) The number of records per page to be 
included in the response. 


sort Sort the results using a Qualys token. For example 
created: desc. Refer to the “Sortable tokens” topic in 
the online help for more information. 
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curl -X GET 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/sensors?pageNumber-1&pag 


Sensors 
Fetch a list of sensors in your account 


Size=50ésort=created%3Adesc' --header 'Authorization: Bearer <token>' 
Response: 
{ 
"data": [ 


{ 


"uuid": "d8bfff8e-4819-4828-b293-cc92e3e27647", 
"activationUuid": "038a9bfe-9f91-4bb0-a7e5-3f9615538642", 


"hostname": "qradar vm", 


"customerUuid": "283f2b9a-ldb4-e06a-814e-851eb53825eb", 


"dockerVersion": "17.09.1-ce", 
"ipv4": "10.113.198.178", 
"os": "Ubuntu 16.04.3 LTS", 
"yv": "mU 

"sensorVersion": "1.2.5-22", 


"platform": "LINUX SENSOR", 
"lastCheckedIn": "1558518764356", 
"label": [ 

{ 


"W key" H "name" y 

"value": "Qualys Sensor Image" 
), 

"key": "org.label-schema.name", 

"value": "CentOS Base Image" 


"key": "VersionInfo", 
"value": "Qualys Sensor Version 1.2.5-22" 
DÉI 
{ 
"key": "org.label-schema.license", 
"value": "GPLv2" 
}, 
{ 
"key": "org.label-schema.schema-version", 
"value": "1.0" 
}, 
{ 
"key": "vendor", 
"value": "Qualys, Inc" 
), 
{ 
"key": "org.label-schema.build-date", 


"value": "20181006" 


"key": "org.label-schema.vendor", 


"value": "CentOS" 
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), 
( 
"key": "build-date", 
"value": "Wed Mar 20 10:35:21 UTC 2019" 
}, 
{ 


"key": "maintainer", 
"value": "devops <devops@qualys.com>" 
} 
l, 
"privileged": "false", 
"macAddress": "00:50:56:9£:41:£8", 


"vulnSigVersion": null, 
"hostUuid": "2d5f7c15-a3e7-4bef-8183-2fd03f60aebe", 


"configurationProfile": null, 


"status": "Running", 
"registry": "docker.io", 
sha 


"9187496ccb3£96217ed2a4c3ce01d39abeaa442£9fa46a4fa131f£8d054edd9a4", 


"sensorld": "9187496ccb3f", 
"name": "qualys-container-sensor", 
"created": "1557467066000", 
"imageId": "d6c910425801", 
"imageSha": 


"d6c910425801a703530b92f943575b8ea%daa520f77f96e891993£1549a27073", 


l; 


hy 


"binaryVersion": null, 
"containerlpv4": null, 
"containerlpv6": null, 
"containerMacAddress": "", 
"sensorType": "CICD" 


"count": 4 
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Fetch sensor details 


/v1.3/sensors/(sensorld) 


[GET] 

Input Parameters: 

Parameter Description 

sensorld Specify the ID of a specific sensor in the user’s scope. 


API request: 


curl -X GET 
'https://gateway.qg2.apps.qualys.com/csapi/vl1.3/sensors/29d0a0bf6cdf' -- 
header 'Authorization: Bearer <token>' 


Response: 


( 
"uuid": "07ed65f6-474e-4d4c-9393-591b551f87ac", 
"activationUuid": "43f2d8e2-0551-48e0-a8e0-102c74d4531922", 


"hostname": "cloudagent", 

"customerUuid": "77d66479-27e6-71bf£-8143-35087e107fc9", 
"dockerVersion": "19.03.5", 

"Uipva"s UTIOSITIIT2.T3' 

"os": "CentOS Linux 7 (Core)", 

"ilpvoMr um, 

"sensorVersion": "1.7.0-6", 


"platform": "LINUX SENSOR", 
"lastCheckedIn": "1615440575433", 


"label": [ 
( 
"key": "build-date", 
"value": "Tue Jan 5 18:28:18 UTC 2021" 
), 
( 
"key": "image-source", 
"value": "SJC-USA" 
} 
m 
"privileged": "false", 
"macAddress": "00:50:56:aa:fb: 9a", 


"vulnSigVersion": null, 
"hostUuid": "l1fcf95c1-f£881-4584-a452-febe3f55809a", 
"configurationProfile": null, 


"status": "Unknown", 
"registry": "docker.io", 
"sha": 


"23d0a0bf6cdf9e513d15b17a4533elfeec976288£42200£60238326941ebad65", 
"sensorId": "29d0a0bf6cef", 
"name": "qualys-container-sensor", 
"Created": "1615380389000", 
"imageId": "9e9ff9b51e30", 
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"imageSha": 
"9e69fe9b52e30£0997de62aab796£c60e12e357d4d2c7e0c58298833c3£fc£788d", 
"binaryVersion": null, 


"containerlpv4": null, 
"containerlpv6": null, 
"containerMacAddress": "", 
"sensorType": "GENERAL", 
"containerRuntime": "DOCKER", 
"containerRuntimeVersion": "19.03.5", 
"cluster": { 
"type": "kubernetes", 
Yverston™ sh al, 
"project": "k8s-project", 
"node": { 
"name": "k8s-node", 
"isMaster": true 
), 
"pod". 
"name": "pod-name", 
"uuid": "6325d4f-bf0c-3488-8144-89c7d03dfacf", 
"namespace": "cs", 
"label": [ 
( 
"key": "com.docker.compose.container-number", 
"value": "1" 
), 
( 
"key": "com.docker.compose.service", 
"value": "lb" 
} 
] 
"controllers": [ 


"uuid": "a3145d4f-bf0c-3488-8144-89c7d03dfacf", 
"name": "deployment-name", 
"type": "DEPLOYMENT" 


"uuid": "b3145d4f-bf0c-3488-8144-89c7d03dfacf", 
"name": "replicaset-name", 
"type": "REPLICASET" 
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Delete sensors in your account 
/v1.3/sensors 

[DELETE] 

You can only delete sensors with UNKNOWN status. 


You can choose to provide a request body without parameters or you can specify UUIDs or 
filter as input parameters in the API request. See samples. 


When specifying request body: 
Request Body: 


Parameter Description 


sensorDeleteRequest (Required) user filters to query sensors or provide one or 
more sensor UUIDs to delete. 
Filter can be applied by providing a query using Qualys 
syntax. Refer to the “How to Search” topic in the online 
help for assistance with creating your query. 


When specifying input parameters as part of path: 


Input Parameters: 


Parameter Description 


sensorlds One or more sensor UUIDs for the sensors you want to 
delete. When specifying multiple sensors in the same 
request, enter them in this way: 
sensorlds=value1 &sensorlds=value2&sensorlds=value3, 
and so on. 


filter Filter the sensors list by providing a query using Qualys 
syntax. Refer to the “How to Search” topic in the online 
help for assistance with creating your query. 


Sample 1 - Use request body to specify sensors to delete 
In this sample, a request body is used as part of the API request. 


API request: 


curl -X DELETE 'https://gateway.qg2.apps.qualys.com/csapi/vl.3/sensors' - 
d '{"filter":"hostname:cms"}' --header 'Authorization: Bearer «token»' 


Response: 
Returns {"deletionJobId": "bbaac4c7-6263-4e2f-b391-bcb032975206"} 


response code 200 
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Sample 2 - Delete single sensor using sensor UUID 
In this sample, we will delete a single sensor by specifying the sensor UUID. 


API request: 


curl -X DELETE 
"https://gateway.qg2.apps.qualys.com/csapi/vl.3/sensors?sensorIds=dba5571 
8-73 6b-4bac-ae9a-38bb59643b45' --header ‘Authorization: Bearer <token>' 


Response: 


{ 
"deletionJobId": "8b04c56a-33ad-44ba-a128-fc643b0af3c7" 


Sample 3 - Delete multiple sensors using sensor UUIDs 


In this sample, we'll delete 2 sensors in the same request. Specify multiple sensors by 
entering sensorlds=value1&sensorlds=value2, and so on. 


API request: 


curl -X DELETE 
"https://gateway.qg2.apps.qualys.com/csapi/vl.3/sensors?sensorIds=dba5571 
8-736b-4bac-ae9a-38bb59643b45&sensorlIds-bcd55718-736b-3bac-ae7a- 
34bb59644b32' --header 'Authorization: Bearer <token>' 


Response: 


( 
"deletionJobId": "6e04c56a-42ad-44ba-a678-fc642b0af3c9" 


Sample 4 - Delete sensors using a filter 
In this sample, we will delete sensors based on the filter parameter. 


API request: 


curl -X DELETE 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/sensors?filter-sensorId$3 
A4f97332e3a23' --header 'Authorization: Bearer <token>' 


Response: 


( 
"deletionJobId": "7a93e37e-b2c6-40ac-8f18-70f87fcf3957" 
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Activation Key 


Use this API to get the keys required to activate a new sensor. The API response includes 
your customerld, activationld, and platformUrl. 


API Objective Operator API Path 
Get activation key GET /csapi/v1.3/activationkey 


Get activation key 
/csapi/v1.3/activationkey 
[GET] 

API request: 


curl -X GET 
"https://gateway.qg2.apps.qualys.com/csapi/vl.3/activationkey' --header 
'Authorization: Bearer <token>' 


Response: 
( 
"customerld": "192cc974-1e44-cb6c-806e-f£78f6441cb0d", 
"activationId": "192cc974-1e44-cb6c-806e-f78f6441cb0d", 
"platformUrl": "https://qualysguard.qualys.com/" 


) 
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Vulnerability Reports 


Create and manage Image and Container Vulnerability Reports using the following API 
endpoints. 


API Objective Operator API Path 

Create a report request POST /csapi/v1.3/reports 

Fetch a list of reports GE /csapi/v1.3/reports 

Download a report GET /csapi/v1.3/reports/{reportUuid}/download 
Delete reports DELETE  /csapi/v1.3/reports 


Jump to a section to see API samples: 


Create a report request 
Fetch a list of reports 
Download a report 
Delete reports 


Create a report request 
/csapi/v1.3/reports 

[POST] 

Use this API to create a new report request. 


Input Parameters: 


Parameter Description 

name (Required) Specify a title for your report (up to 150 
characters). 

description Specify a description for your report (up to 250 
characters). 

templateName (Required) Specify the template for the report you want 
to create. Valid values are: CS IMAGE VULNERABILITY 
or CS CONTAINER VULNERABILITY 
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filter Filter the images or containers list for the report by 
providing a query using Qualys syntax. Refer to the 
"How to Search" topic in the online help for assistance 
with creating your query. 

displayColumns Specify the columns to include in the report. Multiple 


columns should be comma-separated. When 
unspecified, ALL report columns will be included. When 
an empty value is provided, only default columns will be 
included. 


When the template CS. IMAGE VULNERABILITY is used, 
you can include any of these columns: repo, imageld, 
sha, uuid, created, updated, qid, title, severity, cveids, 
vendorReference, cvssBase, cvssTemporal, cvss3Base, 
cvss3Temporal, threat, impact, solution, exploitability, 
associatedMalwares, category, software, result. Default 
columns are: gid, imageld. 


When the template CS CONTAINER VULNERABILITY is 
used, you can include any of these columns: name, 
containerld, uuid, imageld, created, hostName, hostlp, 
state, stateChanged, updated, qid, title, severity, cveids, 
vendorReference, cvssBase, cvssTemporal, cvss3Base, 
cvss3Temporal, threat, impact, solution, exploitability, 
associatedMalwares, category, software, result. Default 
columns are: qid, containerld. 


API request: 
curl -X POST 


'https://gateway.qg2.apps.qualys.com/csapi/v1.3/reports' -d 


'("description":"Demo Report","name":"My Container 
Report","templateName":"CS CONTAINER VULNERABILITY", 
"filter":"status:running","displayColumns":"["containerid","uuid","qid"]" 


)' --header 


Response: 


response code 200 


{ 


"reportUuId": 


) 


"Authorization: Bearer <token>' 


"037570£0-0193-llea-9327-8fbbd2104c9c" 
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Fetch a list of reports 

/csapi/v1.3/reports 

GET] 

Use this API to fetch a list of reports from your account. 


nput Parameters: 


Parameter Description 


filter Filter the reports list by providing a query using Qualys 
syntax. Currently, you can only filter by reportName. 
Refer to the "How to Search" topic in the online help for 
assistance with creating your query. 


pageSize The number of records per page to be included in the 
response. The default value is 50. 

pageNumber The page to be returned. Page numbers start with 1. The 
default value is 1. 

sort Sort the results using a Qualys token. You can sort by 


status or reportName only. Default value is status:desc. 
Refer to the “Sortable tokens” topic in the online help for 
more information. 


API request: 


curl -X GET 
"https://gateway.qg2.apps.qualys.com/csapi/vl.3/reports ?pageNumber=1 &pag 
Size-50' --header ‘Authorization: Bearer <token>' 


Response: 


{ 
"data": [ 
{ 
"reportUuid": "4738d060-5b02-1leb-a819-9b3f1886eb36", 
"createdAt": "2021-01-20T09:31:27.0002", 


"reportName": "sample-image-report", 
"description": null, 

"fileFormat": "csv", 

"templateName": "CS IMAGE VULNERABILITY", 
"status": "FAILED", 

"reportType": "ON DEMAND", 


"filter": null, 
"displayColumns": ["ALL"] 


"reportUuid": "42699db0-9ebl-11eb-bbb6-833197dc0c5b", 
"createdAt": "2021-04-16T12:42:52.0002", 


"reportName": "sample-container-report", 
"description": null, 
"fileFormat": "csv", 
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"templateName": "CS CONTAINER VULNERABILITY", 
"status": "COMPLETED", 
"reportType": "ON DEMAND", 
"filter": NS 
"displayColumns": [ 
"name", 


"containerld", 
"imageld", 
"ard " 
"cveids" 


} 
l; 


"count": 2 


Download a report 
/csapi/v1.3/reports/{reportUuid}/download 
[GET] 

Use this API to download a specific report. 


Input Parameters: 


Parameter Description 
reportUuid (Required) The UUID for the report you want to 
download. 


API request: 


curl -X GET 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/reports/903db2f0-e450- 
11e9-9cdc-8362feld0c3a/download' --header 'Authorization: Bearer <token>' 


Response: 


response code 200 
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Delete reports 

/csapi/v1.3/reports 

[DELETE] 

Use this API to delete one or more reports from your account. 


Input Parameters: 


Parameter Description 


reportUuids (Required) One or more report UUIDs for the reports you 
want to delete. When specifying multiple reports to 
delete, enter them in this way: 
reportUuids=value1&reportUuids=value2 &reportUuids= 
value3, and so on. 


API request: 


curl -X DELETE 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/reports?reportUuids-a6476 
d20-c69f-11ea-8700-3d4057ac643a' --header 'Authorization: Bearer <token>' 


Response: 


response code 200 


{ 
"data": null, 
"message": "Report Successfully deleted." 
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Compliance 

Here is the list of the APIs we currently support for policy compliance posture: 

API Objective Operator API Path 

Show PC compliance posture for GE /csapi/v1.3/images/[imageSha]/compliance 

an image 

Fetch PC compliance posture fora GET /csapi/v1.3/containers/{containerSha}/complian 
container ce 

Fetch details for a control GE /csapi/v1.3/controls/{controlld} 

Fetch a list of controls GE /csapi/v1.3/controls 


Samples for various operations on compliance: 


Fetch compliance posture for an image 
Fetch compliance posture for a container 
Fetch control details 

Fetch a list of controls 


Fetch compliance posture for an image 


/v1.3/images/{imageSha}/compliance 


[GET] 

Input Parameters: 

Parameter Description 

imageSha Specify the SHA value of a specific image in the user’s 
scope. 


API request: 


curl -X GET 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/images/c64844065dcbc3d0a9 
0c365c1f£56421766a5cebf05f7ecbd3377af410fff09fd/compliance' --header 
'Authorization: Bearer <token>' 


Response: 


( 
"uuid": "5d48f83b-cddb-33ac-8fad-e8452dd116b1", 
"sha": 
"c64844065dcbc3d0a90c365c1£56421766a5cebf05£7ecbd3377a£410f£ff09fd", 
"customerUuid": "192cc974-1e44-cb6c-806e-f78f6441cb0d", 
"Created": "1603477517000", 
"updated": "1605017537578", 
"controls": [ 
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"controlld": 10826, 

"policyUuid": "e07da90a-dc32-48e0-9bbb-2eae68012333", 
"technologyId": 0, 

"criticality": "MEDIUM", 

"posture": "SETTING NOT FOUND", 

"LlastEvaluated": "1605017382800", 

"datapoints": [ 


{ 


"key": "dockersensor00.image.healthcheck", 
"value": "161803399999999" 


) 


l; 
"lastComplianceScanned": "1605017537578" 


Fetch compliance posture for a container 


/v1.3/containers/{containerSha}/compliance 


[GET] 

Input Parameters: 

Parameter Description 

containerSha Specify the SHA value of a specific container in the 


user’s scope. 


API request: 


curl -X GET 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/containers/b87b645dffda05 
e59bb80ac20678b1c1f£051c4a1286bafe8c55a58e523d49af5/compliance' --header 
'Authorization: Bearer <token>' 


Response: 


{ 
"uuid": "fd011da7-9fed-314£-9884-76713eb66156", 


"sha": 
"5p87b645dffda05e59bb80ac20678b1c1f051c4a1286bafe8c55a58e523d49af5", 
"customerVuid": "192cc974-1e44-cb6c-806e-f78f£6441cb0d", 
"created": "1604869118000", 
"updated": "1604922275091", 
"controls": | 
( 

"controlld": 10808, 

"bolicyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3", 

"technologyId": 0, 

"criticality": "CRITICAL", 


91 


Compliance 
Fetch control details 


"posture": "SETTING NOT FOUND", 
"lastEvaluated": "1604869185266", 
"datapoints": [ 


{ 


"key": "dockersensor00.container.capdrop", 
"value": "161803399999999" 


"controlld": 10716, 

"policyUuid": "e18b623d-3f07-485b-a754-5a1c31727df3", 
"technologyId": 0, 

"criticality": "SERIOUS", 

"posture": "SETTING NOT FOUND", 

"lastEvaluated": "1604869185266", 

"datapoints": [ 


{ 


"key": "dockersensor00.container.pidmode", 
"value": "161803399999999" 


) 
l, 
"lastComplianceScanned": "1604869185266" 


Fetch control details 


/v1.3/controls/{controlld} 


[GET] 

Input Parameters: 

Parameter Description 

controlld Specify the ID of a compliance control for which you 


want to get details. 


API request: 


curl -X GET 
'https://gateway.qg2.apps.qualys.com/csapi/v1.3/controls/10808' --header 
'Authorization: Bearer <token>' 


Response: 
( 
"id": 10808, 
"statement": "Status of the 'cap-drop' flag settings on Docker 
containers on the host system", 
"criticality": "CRITICAL", 
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"comments": "STMT: Status of the 'cap-drop' flag settings on Docker 
containers on the host system\n\nRAT: Linux Capabilities allows dividing 
privileges associated with superuser into distinct group of smaller units, 
known as capabilities. By default, Docker containers are started with a 
restricted set of capabilities wher ach one can be independently enabled 
and disabled. This enables the processes running inside a container to 
perform almost all the specific areas where root privileges are usually 
needed without having to have them run as root.  Unrestricted Linux 
capabilities could allow unauthorized access to containers which could 
potentially lead to attacks such as privilege escalation exploits. Linux 
Capabilities on Docker containers should be restricted as appropriate to 
the needs of the business to have only those that are required for the 
containers to perform their 
function.\n\nCIS_ Docker 1.11.0 Benchmark v1.0.0: 5.3 Restrict Linux 
Kernel Capabilities within 
containers NnCIS Docker 1.12.0 Benchmark v1.0.0: 5.3 Restrict Linux Kernel 
Capabilities within containers", 


"deprecated": "Control is not deprecated", 

"category": "Access Control Requirements", 
"subCategory": "Authorization (Single-user ACL/role)", 
"technologies": [ 


( 

"technologyld": 283, 

"technologyName": "Docker Containers/Images", 

"rational": "Linux Capabilities allows dividing privileges 
associated with superuser into distinct group of smaller units, known as 
capabilities. By default, Docker containers are started with a restricted 
set of capabilities wher ach one can be independently enabled and 
disabled. This enables the processes running inside a container to 
perform almost all the specific areas where root privileges are usually 
needed without having to have them run as root.  Unrestricted Linux 
capabilities could allow unauthorized access to containers which could 
potentially lead to attacks such as privilege escalation exploits. Linux 
Capabilities on Docker containers should be restricted as appropriate to 
the needs of the business to have only those that are required for the 
containers to perform their function.", 

"remediation": "Run the following command to verify that the added 
and dropped Linux Kernel Capabilities are in line with the ones needed for 
container process for each container instance.\n# docker ps --quiet | 
xargs docker inspect --format '): CapAdd=} CapDrop=}'\n\nRun the following 
command to add needed capabilities: Nnf£ docker run --cap-add={\"Capability 
1\",\"Capability 21") <run-arguments> «container-image-name-or-ID» 
<command>\n\nFor example, \n# docker run --interactive --tty --cap- 
add-(N"NET ADMIN\",\"SYS ADMIN") centos:latest /bin/bash\n\nTo drop 
unneeded capabilities, run the following command: \n# docker run --cap- 
drop={\"Capability 1\",\"Capability 21") <run-arguments> <container- 
image-name-or-ID» <command>\n\nFor example, \ndocker run --interactive -- 
tty --cap-drop={\"SETUID\",\"SETGID\"} centos:latest 
/bin/bash\n\nAlternatively, drop all capabilities and add only add only 
those that are the needed:\n# docker run --cap-drop-all --cap- 
add={\"Capability 1\",\"Capability 21") <run-arguments> «container-image- 
name-or-ID» <command>\n\nFor example, \ndocker run --interactive --tty -- 
cap-drop-all --cap-add={\"NET ADMIN\",\"SYS_ ADMIN\"} centos:latest 
/bin/bash" 
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Fetch a list of controls 


/v1.3/controls 
GET] 


nput Parameters: 


Parameter Description 


filter Filter the controls list by providing a query using Qualys 
syntax. Refer to the "How to Search" topic in the online 
help for assistance with creating your query 


pageNumber (Required) The page to be returned. The default is 1. 


pageSize (Required) The number of records per page to be 
included in the response. The default value is 50. 


sort Sort the results using a Qualys token. For example 
created: desc. Refer to the "Sortable tokens” topic in 
the online help for more information. 


API request: 


curl -X GET 


'https://gateway.qg2.apps.qualys.com/csapi/v1.3/controls?pageNumber-l&pag 
eSize=508sort=created$3Adesc' --header 'Authorization: Bearer <token>' 


Response: 


( 
"data": [ 
( 

"id 18990; 

"statement": "Status of the host devices and their exposure", 

"criticality": "SERIOUS", 

"comments": "STMT: Status of the host devices and their 
exposure\n\nRAT: Host devices can be directly exposed to containers at 
runtime. Do not directly expose host devices to containers, especially to 
containers that are not trusted. The --device option exposes host devices 
to containers and as a result of this, containers can directly access 
these devices. Th container would not need to run in privileged mode to 
access and manipulate them, as by default, the container is granted this 
type of access. Additionally, it would possible for containers to remove 
block devices from the host. You therefore should not expose host devices 
to containers directly. If for some reason you wish to expose the host 
device to a container you should consider which sharing permissions you 
wish to use on a case by case base as appropriate to your 
organization.NnMnMn----MnOld mappings before granular NIST was added: New 
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control\n\nGranular mapping: NnAC-1, ACCESS CONTROL POLICY AND 
PROCEDURES \n\nDelete Old Mapping:N/A\nGranular Mapping: Yes\nGranular 
Mapping Review: No", 


"deprecated": "Control is not deprecated", 
"category": "OS Security Settings", 
"subCategory": "System Settings (OSI layers 6-7)", 
"technologies": [ 
{ 
"id": 181, 
"name": "Docker CE/EE", 
"rational": "Host devices can be directly exposed to containers 
at runtime. Do not directly expose host devices to containers, especially 
to containers that are not trusted. The --device option exposes host 


devices to containers and as a result of this, containers can directly 
access these devices. Th container would not need to run in privileged 
mode to access and manipulate them, as by default, the container is 
granted this type of access. Additionally, it would possible for 
containers to remove block devices from the host. You therefore should not 
expose host devices to containers directly. If for some reason you wish to 
expose the host device to a container you should consider which sharing 
permissions you wish to use on a case by case base as appropriate to your 
organization.", 


"remediation": "You should not directly expose host devices to 
containers. If you do need to expose host devices to containers, you 
should use granular permissions as appropriate to your organization: \nFor 
example, do not start a container using the command below:\ndocker run -- 
interactive --tty --device=/dev/tty0:/dev/tty0:rwm -- 
device-/dev/temp sda:/dev/temp sda:rwm centos bashinYou should only share 
the host device using appropriate permissions: \ndocker run --interactive - 
-tty --device-/dev/tty0:/dev/tty0:rw -- 
device-/dev/temp sda:/dev/temp sda:r centos bash" 

}, 
{ 

“id”: 283, 

"name": "Docker Containers/Images", 

"rational": "Host devices can be directly exposed to containers 
at runtime. Do not directly expose host devices to containers, especially 
to containers that are not trusted. The --device option exposes host 
devices to containers and as a result of this, containers can directly 
access these devices. Th container would not need to run in privileged 
mode to access and manipulate them, as by default, the container is 
granted this type of access. Additionally, it would possible for 
containers to remove block devices from the host. You therefore should not 
expose host devices to containers directly. If for some reason you wish to 
expose the host device to a container you should consider which sharing 
permissions you wish to use on a case by case base as appropriate to your 
organization.", 


"remediation": "You should not directly expose host devices to 
containers. If you do need to expose host devices to containers, you 
should use granular permissions as appropriate to your organization: \nFor 
example, do not start a container using the command below: Nndocker run -- 
interactive --tty --device=/dev/tty0:/dev/tty0:rwm -- 
device-/dev/temp sda:/dev/temp sda:rwm centos bashinYou should only share 
the host device using appropriate permissions: Mndocker run --interactive - 
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-tty --device-/dev/tty0:/dev/tty0:rw -- 
device-/dev/temp sda:/dev/temp sda:r centos bash" 
) 
] 
}, 
{ 


"id": 10808, 

"statement": "Status of the 'cap-drop' flag settings on Docker 
containers on the host system", 

"criticality": "CRITICAL", 

"comments": "STMT: Status of the 'cap-drop' flag settings on Docker 


containers on the host system\n\nRAT: Linux Capabilities allows dividing 
privileges associated with superuser into distinct group of smaller units, 
known as capabilities. By default, Docker containers are started with a 
restricted set of capabilities wher ach one can be independently enabled 
and disabled. This enables the processes running inside a container to 
perform almost all the specific areas where root privileges are usually 
needed without having to have them run as root. Unrestricted Linux 
capabilities could allow unauthorized access to containers which could 
potentially lead to attacks such as privilege escalation exploits. Linux 
Capabilities on Docker containers should be restricted as appropriate to 
the needs of the business to have only those that are required for the 
containers to perform their 

function.\n\nCIS Docker 1.11.0 Benchmark v1.0.0: 5.3 Restrict Linux 
Kernel Capabilities within 

containers\nCIS Docker 1.12.0 Benchmark v1.0.0: 5.3 Restrict Linux Kernel 
Capabilities within containers", 


"deprecated": "Control is not deprecated", 
"category": "Access Control Requirements", 
"subCategory": "Authorization (Single-user ACL/role)", 
"technologies": [ 
{ 

tida 112, 

"name": "Docker 1.x", 

"rational": "Linux Capabilities allows dividing privileges 


associated with superuser into distinct group of smaller units, known as 
capabilities. By default, Docker containers are started with a restricted 
set of capabilities wher ach one can be independently enabled and 
disabled. This enables the processes running inside a container to 
perform almost all the specific areas where root privileges are usually 
needed without having to have them run as root.  Unrestricted Linux 
capabilities could allow unauthorized access to containers which could 
potentially lead to attacks such as privilege escalation exploits. Linux 
Capabilities on Docker containers should be restricted as appropriate to 
the needs of the business to have only those that are required for the 
containers to perform their function.", 

"remediation": "Run the following command to verify that the 
added and dropped Linux Kernel Capabilities are in line with the ones 
needed for container process for each container instance.\n# docker ps -- 
quiet | xargs docker inspect --format '}: CapAdd=) CapDrop=}'\n\nRun the 
following command to add needed capabilities: Nnf docker run --cap- 
add={\"Capability 1\",\"Capability 21") <run-arguments> «container-image- 
name-or-ID» <command>\n\nFor example, \n# docker run --interactive --tty - 
-cap-add-(N"NET ADMIN\",\"SYS_ADMIN\"} centos:latest /bin/bash\n\nTo drop 
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unneeded capabilities, run the following command: Mn£ docker run --cap- 
drop={\"Capability 1\",\"Capability 21") <run-arguments> <container- 
image-name-or-ID> <command>\n\nFor example, \ndocker run --interactive -- 
tty --cap-drop={\"SETUID\",\"SETGID\"} centos:latest 
/bin/bash\n\nAlternatively, drop all capabilities and add only add only 
those that are the needed:\n# docker run --cap-drop-all --cap- 
add={\"Capability 1\",\"Capability 21") <run-arguments> <container-image- 
name-or-ID> <command>\n\nFor example, \ndocker run --interactive --tty -- 
cap-drop-all --cap-add={\"NET ADMIN\",\"SYS_ ADMIN\"} centos:latest 
/bin/bash" 

DÉI 

( 


"ig" Let, 
"name": "Docker CE/EE", 
"rational": "Linux Capabilities allows dividing privileges 


associated with superuser into distinct group of smaller units, known as 
capabilities. By default, Docker containers are started with a restricted 
set of capabilities wher ach one can be independently enabled and 
disabled. This enables the processes running inside a container to 
perform almost all the specific areas where root privileges are usually 
needed without having to have them run as root.  Unrestricted Linux 
capabilities could allow unauthorized access to containers which could 
potentially lead to attacks such as privilege escalation exploits. Linux 
Capabilities on Docker containers should be restricted as appropriate to 
the needs of the business to have only those that are required for the 
containers to perform their function.", 

"remediation": "Run the following command to verify that the 
added and dropped Linux Kernel Capabilities are in line with the ones 
needed for container process for each container instance.\n# docker ps -- 
quiet | xargs docker inspect --format '}: CapAdd=} CapDrop=}'\n\nRun the 


following command to add needed capabilities: Nnf docker run --cap- 
add={\"Capability 1\",\"Capability 21") <run-arguments> «container-image- 
name-or-ID» <command>\n\nFor example,A1nft docker run --interactive --tty - 


-cap-add-(N"NET ADMINN",N"SYS ADMIN") centos:latest /bin/bash\n\nTo drop 
unneeded capabilities, run the following command:\n# docker run --cap- 
drop={\"Capability 1\",\"Capability 21") <run-arguments> «container- 
image-name-or-ID» <command>\n\nFor example, \ndocker run --interactive -- 
tty --cap-drop={\"SETUID\",\"SETGID\"} centos:latest 
/bin/bash\n\nAlternatively, drop all capabilities and add only add only 
those that are the needed:\n# docker run --cap-drop-all --cap- 
add={\"Capability 1\",\"Capability 21") <run-arguments> «container-image- 
name-or-ID» <command>\n\nFor example, \ndocker run --interactive --tty -- 
cap-drop-all --cap-add-(N"NET ADMINN",N"SYS ADMIN\"} centos:latest 
/bin/bash" 

}, 

{ 


"id": 283, 
"name": "Docker Containers/Images", 
"rational": "Linux Capabilities allows dividing privileges 


associated with superuser into distinct group of smaller units, known as 
capabilities. By default, Docker containers are started with a restricted 
set of capabilities wher ach one can be independently enabled and 
disabled. This enables the processes running inside a container to 
perform almost all the specific areas where root privileges are usually 
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needed without having to have them run as root.  Unrestricted Linux 
capabilities could allow unauthorized access to containers which could 
potentially lead to attacks such as privilege escalation exploits. Linux 
Capabilities on Docker containers should be restricted as appropriate to 
the needs of the business to have only those that are required for the 
containers to perform their function.", 

"remediation": "Run the following command to verify that the 
added and dropped Linux Kernel Capabilities are in line with the ones 
needed for container process for each container instance.\n# docker ps -- 
quiet | xargs docker inspect --format '}: CapAdd-) CapDrop=}'\n\nRun the 
following command to add needed capabilities: Nnf docker run --cap- 
add={\"Capability 1\",\"Capability 21") <run-arguments> <container-image- 
name-or-ID» <command>\n\nFor example, \n# docker run --interactive --tty - 
-cap-add-(N"NET ADMIN\",\"SYS_ADMIN\"} centos:latest /bin/bash\n\nTo drop 
unneeded capabilities, run the following command: \n# docker run --cap- 
drop={\"Capability 1\",\"Capability 2\"} <run-arguments> <container- 
image-name-or-ID> <command>\n\nFor example, \ndocker run --interactive -- 
tty --cap-drop={\"SETUID\",\"SETGID\"} centos:latest 
/bin/bash\n\nAlternatively, drop all capabilities and add only add only 
those that are the needed:\n# docker run --cap-drop=all --cap- 
add={\"Capability 1\",\"Capability 21") <run-arguments> <container-image- 
name-or-ID» <command>\n\nFor example, \ndocker run --interactive --tty -- 
cap-drop-all --cap-add-(N"NET ADMIN\",\"SYS ADMIN\"} centos:latest 
/bin/bash" 

} 


} 
l, 


“Count. M26" 
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